GHSA-5hch-v5pq-x4qp

Suggest an improvement
Source
https://github.com/advisories/GHSA-5hch-v5pq-x4qp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5hch-v5pq-x4qp/GHSA-5hch-v5pq-x4qp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5hch-v5pq-x4qp
Aliases
  • CVE-2006-4247
Published
2022-05-01T07:16:48Z
Modified
2024-05-09T16:41:49.981307Z
Summary
Plone allows anonymous users to reset any users password through the web via Password Reset Tool
Details

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5
Fixed
2.5.1