CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Published Bysecalert@redhat.com

Published DateJun 06, 2011, 19:55

Affected Versions(4)

plone.app.users(PyPI)

Introduced1.0a1

Fixed1.0.5

LimitN/A

plone.app.users(PyPI)

Introduced1.1b1

Fixed1.1.1

LimitN/A

Plone(PyPI)

Introduced4.0.1

Fixed4.0.6

LimitN/A

Plone(PyPI)

Introduced4.1.0

Fixed4.1.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
plone.app.users(PyPI)	1.0a1	1.0.5	N/A
plone.app.users(PyPI)	1.1b1	1.1.1	N/A
Plone(PyPI)	4.0.1	4.0.6	N/A
Plone(PyPI)	4.1.0	4.1.1	N/A

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

5.5

Vector String

AV:N/AC:L/Au:S/C:N/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

5.5

Vector String

AV:N/AC:L/Au:S/C:N/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

PARTIAL