CVE-2015-7315 – products.cmfplone
Package
Manager: pip
Name: products.cmfplone
Vulnerable Version: >=3.3.0 <4.3.7 || >=5.0a1 <5.0rc2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00436 (percentile: 0.62108)
Details
Plone unauthorized member addition vulnerability
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allow remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of the site administrator.
Metadata
Created: 2022-05-17T00:35:46Z
Modified: 2024-10-18T21:43:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-984m-rj28-8c6x/GHSA-984m-rj28-8c6x.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-984m-rj28-8c6x
Finding: F039
Auto approve: 1