CVE-2011-1950
MEDIUM6.5EPSS 0.76%Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
Published: 7/23/2018Modified: 11/29/2024
Description
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Affected packages (3)
- PyPI/plone>= 4.0.1, < 4.0.6
- PyPI/plonefrom 0, < 4.1.1
- PyPI/plone-app-users>= 1.0a1, < 1.0.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A |
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (10)
- ADVISORYhttp://secunia.com/advisories/44775
- ADVISORYhttps://github.com/advisories/GHSA-2qx8-589j-gcpx
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-1950
- WEBhttp://osvdb.org/72729
- WEBhttp://plone.org/products/plone/security/advisories/CVE-2011-1950
- WEBhttp://securityreason.com/securityalert/8269
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67695
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml
- WEBhttp://www.securityfocus.com/archive/1/518155/100/0/threaded
- WEBhttp://www.securityfocus.com/bid/48005