PT-2006-5061 · Plone Foundation · Password Reset Tool+1

Publicado

2006-09-29

Atualizado

2022-05-01

CVE-2006-4247

CVSS v4.0

8.0

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions Plone versions 2.5 through 2.5.1 Release Candidate Plone version 0.4.1 and earlier of the Password Reset Tool

Description The issue is related to an erroneous security declaration in the Password Reset Tool, allowing attackers to reset the passwords of other users.

Recommendations For Plone versions 2.5 through 2.5.1 Release Candidate, update the Password Reset Tool to version 0.4.1 or later. For Plone version 0.4.1 and earlier of the Password Reset Tool, update to version 0.4.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-4247

GHSA-5HCH-V5PQ-X4QP

PYSEC-2006-5

PYSEC-2006-9

Produtos afetados

Password Reset Tool

Plone

PT-2006-5061 · Plone Foundation · Password Reset Tool+1

CVE-2006-4247

Identificadores relacionados

Produtos afetados

Referências · 8