GHSA-qjxf-6pr8-j87v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qjxf-6pr8-j87v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qjxf-6pr8-j87v/GHSA-qjxf-6pr8-j87v.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-qjxf-6pr8-j87v
- Aliases
-
- CVE-2013-4198
- PYSEC-2014-62
- Published
- 2022-05-17T04:49:45Z
- Modified
- 2024-10-18T22:03:50.778280Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone's authenticated users able to alter their password despite of policy definition
- Details
-
mail_password.pyin Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality. - Database specific
{ "nvd_published_at": "2014-03-11T19:37:00Z", "cwe_ids": [ "CWE-863" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-29T16:39:16Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-4198
- https://bugzilla.redhat.com/show_bug.cgi?id=978480
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-62.yaml
- https://pypi.org/project/Products.PloneHotfix20130618
- http://plone.org/products/plone-hotfix/releases/20130618
- http://plone.org/products/plone/security/advisories/20130618-announcement
- http://seclists.org/oss-sec/2013/q3/261
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone