CVE-2011-1950
Severity: medium
CVSS v3: —
CVSS v2: 5.5
VIR risk: 5.5
Description
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/44775
Vendor advisory: secalert@redhat.com — http://plone.org/products/plone/security/advisories/CVE-2011-1950
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | plone-app-users | >=1.1b1,<1.1.1 | 1.1.1 |
| PyPI | plone | >=4.0.1,<4.0.6 | 4.0.6 |
| PyPI | plone-app-users | >=1.0a1,<1.0.5 | 1.0.5 |
| PyPI | plone | >=4.1.0,<4.1.1 | 4.1.1 |
| PyPI | plone | <4.1.1 | 4.1.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2011-1950
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67695
- https://github.com/advisories/GHSA-2qx8-589j-gcpx
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml
- http://plone.org/products/plone/security/advisories/CVE-2011-1950
- http://osvdb.org/72729
- http://secunia.com/advisories/44775
- http://securityreason.com/securityalert/8269
- http://www.securityfocus.com/archive/1/518155/100/0/threaded
- http://www.securityfocus.com/bid/48005
CWEs
CWE-264