CVE-2021-21416 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-21416 Interim 1 14 2025-02-17T00:52:11Z current 2021-05-30T14:48:14Z 2025-02-17T00:52:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-21416 django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2F72NF6ZBHDNQRLYZZFU7B52UQ4CZZRE/ E-Mail link for openSUSE-SU-2021:0588-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NL4XGVJ2AN5KEZDKGXRP3QKFGI24ETYA/ E-Mail link for openSUSE-SU-2021:0597-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP2 openSUSE Leap 15.2 openSUSE Tumbleweed python3-django-registration-3.1.2-bp152.3.3.1 python3-django-registration-3.1.2-lp152.3.3.1 python310-django-registration-3.3-2.2 python311-django-registration-3.3-2.2 python312-django-registration-3.3-2.2 python36-django-registration-3.2-1.2 python38-django-registration-3.2-1.2 python39-django-registration-3.2-1.2 python3-django-registration-3.1.2-bp152.3.3.1 as a component of SUSE Package Hub 15 SP2 python3-django-registration-3.1.2-lp152.3.3.1 as a component of openSUSE Leap 15.2 python310-django-registration-3.3-2.2 as a component of openSUSE Tumbleweed python311-django-registration-3.3-2.2 as a component of openSUSE Tumbleweed python312-django-registration-3.3-2.2 as a component of openSUSE Tumbleweed python36-django-registration-3.2-1.2 as a component of openSUSE Tumbleweed python38-django-registration-3.2-1.2 as a component of openSUSE Tumbleweed python39-django-registration-3.2-1.2 as a component of openSUSE Tumbleweed django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password). CVE-2021-21416 SUSE Package Hub 15 SP2:python3-django-registration-3.1.2-bp152.3.3.1 openSUSE Leap 15.2:python3-django-registration-3.1.2-lp152.3.3.1 openSUSE Tumbleweed:python310-django-registration-3.3-2.2 openSUSE Tumbleweed:python311-django-registration-3.3-2.2 openSUSE Tumbleweed:python312-django-registration-3.3-2.2 openSUSE Tumbleweed:python36-django-registration-3.2-1.2 openSUSE Tumbleweed:python38-django-registration-3.2-1.2 openSUSE Tumbleweed:python39-django-registration-3.2-1.2 low 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N 2.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N