GHSA-4j3w-g62x-hrcp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4j3w-g62x-hrcp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4j3w-g62x-hrcp/GHSA-4j3w-g62x-hrcp.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-4j3w-g62x-hrcp
- Aliases
-
- CVE-2008-0164
- PYSEC-2008-14
- Published
- 2022-05-01T23:28:05Z
- Modified
- 2024-11-26T16:50:55Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone Cross-site request forgery (CSRF)
- Details
-
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS before 3.1 allow remote attackers to (1) add arbitrary accounts via the joinform page and (2) change the privileges of arbitrary groups via the prefsgroups_overview page.
- Database specific
{ "nvd_published_at": "2008-03-20T00:44:00Z", "cwe_ids": [ "CWE-352" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-05-14T17:23:26Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-0164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41263
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2008-14.yaml
- http://plone.org/about/security/advisories/cve-2008-0164
- http://plone.org/products/plone-hotfix/releases/CVE-2008-0164
- http://www.procheckup.com/Hacking_Plone_CMS.pdf
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone