Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxeDgtNTg5ai1nY3B4
Moderate severity vulnerability that affects Plone and plone.app.users
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Permalink: https://github.com/advisories/GHSA-2qx8-589j-gcpx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxeDgtNTg5ai1nY3B4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: about 1 year ago
Identifiers: GHSA-2qx8-589j-gcpx, CVE-2011-1950
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-1950
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67695
- https://github.com/advisories/GHSA-2qx8-589j-gcpx
- http://osvdb.org/72729
- http://plone.org/products/plone/security/advisories/CVE-2011-1950
- http://secunia.com/advisories/44775
- http://securityreason.com/securityalert/8269
- http://www.securityfocus.com/archive/1/518155/100/0/threaded
- http://www.securityfocus.com/bid/48005
Affected Packages
pypi:Plone
Dependent packages: 5
Dependent repositories: 7
Downloads: 7,934 last month
Affected Version Ranges: >= 4.0.1, < 4.0.6
Fixed in: 4.0.6
All affected versions: 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5
All unaffected versions: 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10
pypi:plone.app.users
Dependent packages: 1
Dependent repositories: 39
Downloads: 7,647 last month
Affected Version Ranges: >= 1.1b1, < 1.1.1, >= 1.0a1, < 1.0.5
Fixed in: 1.1.1, 1.0.5
All affected versions: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6
All unaffected versions: 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.2.1, 2.2.2, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4