CVE-2006-4247 – plone

Package

Manager: pip
Name: plone
Vulnerable Version: >=2.5 <2.5.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

EPSS: 0.00333 pctl0.55505

Details

Plone allows anonymous users to reset any users password through the web via Password Reset Tool Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

Metadata

Created: 2022-05-01T07:16:48Z
Modified: 2024-11-26T16:47:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5hch-v5pq-x4qp/GHSA-5hch-v5pq-x4qp.json
CWE IDs: []
Alternative ID: GHSA-5hch-v5pq-x4qp
Finding: F039
Auto approve: 1