CVE-2011-1950 – plone-app-users

Package

Manager: pip
Name: plone-app-users
Vulnerable Version: =1.0 || =1.0.1 || =1.0.2 || =1.0.3 || =1.0.4 || =1.0a1 || =1.0a2 || =1.0a3 || =1.0b1 || =1.0b2 || =1.0b3 || =1.0b4 || =1.0b5 || =1.0b6 || =1.0b7 || =1.0b8 || =1.0b9 || >=1.0a1 <1.0.5 || =1.1 || =1.1b1 || =1.1b2 || >=1.1b1 <1.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A

EPSS: 0.00757 pctl0.72371

Details

Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Metadata

Created: 2018-07-23T20:26:45Z
Modified: 2024-11-29T05:41:52.646610Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F039
Auto approve: 1