PT-2006-5062 · Plone · Plone

Published

2006-12-07

Updated

2022-05-01

CVE-2006-4249

CVSS v4.0

4.6

Medium

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions Plone versions 2.5 through 2.5.1

Description The issue allows an attacker to masquerade as a group when anonymous member registration is enabled.

Recommendations For Plone versions 2.5 through 2.5.1, consider disabling anonymous member registration as a temporary workaround until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4249

GHSA-R7J4-82XW-8M9P

PYSEC-2006-10

PYSEC-2006-6

Affected Products

Plone

PT-2006-5062 · Plone · Plone

CVE-2006-4249

Related Identifiers

Affected Products

References · 13