GHSA-984m-rj28-8c6x

Source

https://github.com/advisories/GHSA-984m-rj28-8c6x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-984m-rj28-8c6x/GHSA-984m-rj28-8c6x.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-984m-rj28-8c6x

Aliases

CVE-2015-7315
PYSEC-2017-52

Published

2022-05-17T00:35:46Z

Modified

2024-10-18T21:46:42.635261Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Plone unauthorized member addition vulnerability

Details

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

Database specific

{
    "nvd_published_at": "2017-09-25T17:29:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-07T19:57:45Z"
}

References

Affected packages

PyPI / products-cmfplone

Package

Name: products-cmfplone; View open source insights on deps.dev
Purl: pkg:pypi/products-cmfplone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3.0

Fixed

4.3.7

Affected versions

4.*

4.0b1

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.0.1

4.2.1

4.2.1.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2

4.3.3

4.3.4

4.3.4.1

4.3.5

4.3.6

Database specific

{
    "last_known_affected_version_range": "< 4.3.6"
}

PyPI / products-cmfplone

Package

Name: products-cmfplone; View open source insights on deps.dev
Purl: pkg:pypi/products-cmfplone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0a1

Fixed

5.0rc2

Affected versions

5.*

5.0a1

5.0a2

5.0a3

5.0b1

5.0b1.post1

5.0b2

5.0b3

5.0b4

5.0rc1

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Last affected

3.3.6

Affected versions

3.*

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0a1

Last affected

4.0.10

Affected versions

4.*

4.0a1

4.0a2

4.0a3

4.0a4

4.0a5

4.0b1

4.0b2

4.0b3

4.0b4

4.0b5

4.0rc1

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1a1

Last affected

4.1.6

Affected versions

4.*

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2a1

Last affected

4.2.7

Affected versions

4.*

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3a1

Last affected

4.3.6

Affected versions

4.*

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Affected versions

5.*

5.0rc1