CVE-2011-1950 – plone.app.users

Package

Manager: pip
Name: plone.app.users
Vulnerable Version: >=1.0a1 <1.0.5 || >=1.1b1 <1.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A

EPSS: 0.00757 pctl0.72371

Details

Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Metadata

Created: 2018-07-23T20:26:45Z
Modified: 2024-10-09T21:30:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-2qx8-589j-gcpx/GHSA-2qx8-589j-gcpx.json
CWE IDs: []
Alternative ID: GHSA-2qx8-589j-gcpx
Finding: F039
Auto approve: 1