GHSA-5hch-v5pq-x4qp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5hch-v5pq-x4qp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5hch-v5pq-x4qp/GHSA-5hch-v5pq-x4qp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5hch-v5pq-x4qp
- Aliases
-
- CVE-2006-4247
- PYSEC-2006-5
- Published
- 2022-05-01T07:16:48Z
- Modified
- 2024-11-26T16:47:58Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- 8.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Plone allows anonymous users to reset any users password through the web via Password Reset Tool
- Details
-
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
- Database specific
{ "nvd_published_at": "2006-09-29T19:07:00Z", "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-05-09T16:14:08Z" }- References
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone