CVE-2006-4247

CRITICAL 9.1 | EPSS 0.33%

Plone allows anonymous users to reset any user's password through the web via Password Reset Tool

Published: 2022/5/1 | Modified: 2026/5/20
Also known as: GHSA-5hch-v5pq-x4qp, PYSEC-2006-5, PYSEC-2006-9

Description

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

Affected packages (3)

CVSS scores

Source | Version | Severity | Vector
osv | CVSS 4.0 | | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (4)