CVE-2015-7315 – products-cmfplone

Package

Manager: pip
Name: products-cmfplone
Vulnerable Version: =4.0b1 || =4.1 || =4.1.1 || =4.1.2 || =4.1.3 || =4.1.4 || =4.1.5 || =4.1.6 || =4.1a1 || =4.1a2 || =4.1a3 || =4.1b1 || =4.1b2 || =4.1rc2 || =4.1rc3 || =4.2 || =4.2.0.1 || =4.2.1 || =4.2.1.1 || =4.2.2 || =4.2.3 || =4.2.4 || =4.2.5 || =4.2.6 || =4.2.7 || =4.2a1 || =4.2a2 || =4.2b1 || =4.2b2 || =4.2rc1 || =4.2rc2 || =4.3 || =4.3.1 || =4.3.2 || =4.3.3 || =4.3.4 || =4.3.4.1 || =4.3.5 || =4.3.6 || =4.3a1 || =4.3a2 || =4.3b1 || =4.3b2 || =4.3rc1 || >=3.3.0 <4.3.7 || =5.0a1 || =5.0a2 || =5.0a3 || =5.0b1 || =5.0b1.post1 || =5.0b2 || =5.0b3 || =5.0b4 || =5.0rc1 || >=5.0a1 <5.0rc2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00436 pctl0.62117

Details

Plone unauthorized member addition vulnerability Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

Metadata

Created: 2022-05-17T00:35:46Z
Modified: 2024-10-18T22:19:40.981626Z
Source: https://osv-vulnerabilities
CWE IDs: ["CWE-284"]
Alternative ID: N/A
Finding: F039
Auto approve: 1