Access Restriction Bypass Affecting plone package, versions [,4.2.5) [4.3,4.3.1)
Threat Intelligence
EPSS
0.12% (48th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PLONE-40214
- published 1 Aug 2013
- disclosed 1 Aug 2013
- credit Unknown
Introduced: 1 Aug 2013
CVE-2013-4198 Open this link in a new tabOverview
plone
is a Content Management System.
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
References
CVSS Scores
version 3.1