How severe is CVE-2021-21416?

This vulnerability has a severity rating of LOW with a CVSS score of 2.6 out of 10.

What type of vulnerability is CVE-2021-21416?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2021-21416 - LOW Severity | CVSS 2.6

Vulnerability Description

django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password).

Related Vulnerabilities

CVE-2019-4636

LOW

CVSS:2.7(Low)

IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.

CWE-2092019

CVE-2019-4699

LOW

CVSS:2.7(Low)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.

CWE-2092019

CVE-2020-1717

LOW

CVSS:2.7(Low)

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.

CWE-2092020

CVE-2020-4164

LOW

CVSS:2.7(Low)

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system....

CWE-2092020

CVE-2020-4248

LOW

CVSS:2.7(Low)

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informati...

CWE-2092020

CVE-2020-4327

LOW

CVSS:2.7(Low)

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furt...

CWE-2092020