cvelistv5 - cve-2011-1950

CVE-2011-1950 (GCVE-0-2011-1950)

Vulnerability from cvelistv5 – Published: 2011-06-06 19:00 – Updated: 2024-08-06 22:46

Summary

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/44775	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/48005	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/72729	vdb-entryx_refsource_OSVDB
	http://securityreason.com/securityalert/8269	third-party-advisoryx_refsource_SREASON
	http://plone.org/products/plone/security/advisori…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/518155/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44775"
          },
          {
            "name": "48005",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48005"
          },
          {
            "name": "plone-data-security-bypass(67695)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
          },
          {
            "name": "72729",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/72729"
          },
          {
            "name": "8269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8269"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
          },
          {
            "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "44775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44775"
        },
        {
          "name": "48005",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48005"
        },
        {
          "name": "plone-data-security-bypass(67695)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
        },
        {
          "name": "72729",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/72729"
        },
        {
          "name": "8269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8269"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
        },
        {
          "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1950",
    "datePublished": "2011-06-06T19:00:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C44B53B-953B-4522-A5B4-11573850D2CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.\"}, {\"lang\": \"es\", \"value\": \"plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elecci\\u00f3n a trav\\u00e9s de vectores no especificados, como se exploto en junio 2011.\"}]",
      "id": "CVE-2011-1950",
      "lastModified": "2024-11-21T01:27:22.343",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:P\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-06-06T19:55:02.190",
      "references": "[{\"url\": \"http://osvdb.org/72729\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://plone.org/products/plone/security/advisories/CVE-2011-1950\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44775\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8269\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/518155/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/48005\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67695\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/72729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://plone.org/products/plone/security/advisories/CVE-2011-1950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44775\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/518155/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67695\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1950\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-06-06T19:55:02.190\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.\"},{\"lang\":\"es\",\"value\":\"plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como se exploto en junio 2011.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C44B53B-953B-4522-A5B4-11573850D2CD\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/72729\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://plone.org/products/plone/security/advisories/CVE-2011-1950\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44775\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8269\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/518155/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/48005\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67695\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/72729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://plone.org/products/plone/security/advisories/CVE-2011-1950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/518155/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67695\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

PYSEC-2011-16

Vulnerability from pysec - Published: 2011-06-06 19:55 - Updated: 2021-07-25 23:34

Details

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Impacted products

Name	purl
plone	pkg:pypi/plone

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone",
        "purl": "pkg:pypi/plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.2",
        "3.2.1",
        "3.2.2",
        "3.2.3",
        "3.2a1",
        "3.2rc1",
        "3.3",
        "3.3.1",
        "3.3.2",
        "3.3.3",
        "3.3.4",
        "3.3.5",
        "3.3.6",
        "3.3b1",
        "3.3rc1",
        "3.3rc2",
        "3.3rc3",
        "3.3rc4",
        "3.3rc5",
        "4.0",
        "4.0.1",
        "4.0.10",
        "4.0.2",
        "4.0.3",
        "4.0.4",
        "4.0.5",
        "4.0.6",
        "4.0.7",
        "4.0.8",
        "4.0.9",
        "4.0a1",
        "4.0a2",
        "4.0a3",
        "4.0a4",
        "4.0a5",
        "4.0b1",
        "4.0b2",
        "4.0b3",
        "4.0b4",
        "4.0b5",
        "4.0rc1",
        "4.1",
        "4.1a1",
        "4.1a2",
        "4.1a3",
        "4.1b1",
        "4.1b2",
        "4.1rc2",
        "4.1rc3"
      ]
    }
  ],
  "aliases": [
    "CVE-2011-1950",
    "GHSA-2qx8-589j-gcpx"
  ],
  "details": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.",
  "id": "PYSEC-2011-16",
  "modified": "2021-07-25T23:34:43.220669Z",
  "published": "2011-06-06T19:55:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48005"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/44775"
    },
    {
      "type": "ADVISORY",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/72729"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8269"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2qx8-589j-gcpx"
    }
  ]
}

CERTA-2011-AVI-324

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Plone ont été corrigées.

Description

Trois vulnérabilités dans Plone ont été corrigées. Leur exploitation permet à une personne malintentionnée d'effectuer des attaques de type injection de code indirecte et/ou d'élever ses privilèges.

Solution

Mettre à jour avec le correctif 20110531.

Plone 4.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Plone du 02 juin 2011	None	vendor-advisory
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ePlone 4.x.\u003c/P\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s dans Plone ont \u00e9t\u00e9 corrig\u00e9es. Leur exploitation\npermet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer des attaques de type\ninjection de code indirecte et/ou d\u0027\u00e9lever ses privil\u00e8ges.\n\n## Solution\n\nMettre \u00e0 jour avec le correctif 20110531.\n",
  "cves": [
    {
      "name": "CVE-2011-1948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1948"
    },
    {
      "name": "CVE-2011-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1950"
    },
    {
      "name": "CVE-2011-1949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1949"
    }
  ],
  "links": [
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    }
  ],
  "reference": "CERTA-2011-AVI-324",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Plone ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Plone",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Plone du 02 juin 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-324

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Plone ont été corrigées.

Description

Solution

Mettre à jour avec le correctif 20110531.

Plone 4.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Plone du 02 juin 2011	None	vendor-advisory
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ePlone 4.x.\u003c/P\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s dans Plone ont \u00e9t\u00e9 corrig\u00e9es. Leur exploitation\npermet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer des attaques de type\ninjection de code indirecte et/ou d\u0027\u00e9lever ses privil\u00e8ges.\n\n## Solution\n\nMettre \u00e0 jour avec le correctif 20110531.\n",
  "cves": [
    {
      "name": "CVE-2011-1948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1948"
    },
    {
      "name": "CVE-2011-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1950"
    },
    {
      "name": "CVE-2011-1949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1949"
    }
  ],
  "links": [
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    }
  ],
  "reference": "CERTA-2011-AVI-324",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Plone ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Plone",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Plone du 02 juin 2011",
      "url": null
    }
  ]
}

FKIE_CVE-2011-1950

Vulnerability from fkie_nvd - Published: 2011-06-06 19:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

References

URL	Tags
secalert@redhat.com	http://osvdb.org/72729
secalert@redhat.com	http://plone.org/products/plone/security/advisories/CVE-2011-1950	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/44775	Vendor Advisory
secalert@redhat.com	http://securityreason.com/securityalert/8269
secalert@redhat.com	http://www.securityfocus.com/archive/1/518155/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/48005
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67695
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/72729
af854a3a-2127-422b-91ae-364da2661108	http://plone.org/products/plone/security/advisories/CVE-2011-1950	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8269
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518155/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48005
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67695

Impacted products

	Vendor	Product	Version
	plone	plone	4.0
	plone	plone	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011."
    },
    {
      "lang": "es",
      "value": "plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como se exploto en junio 2011."
    }
  ],
  "id": "CVE-2011-1950",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-06T19:55:02.190",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/72729"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44775"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8269"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/48005"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/72729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2QX8-589J-GCPX

Vulnerability from github – Published: 2018-07-23 20:26 – Updated: 2024-10-09 21:30

Summary

Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts

Details

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone.app.users"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0a1"
            },
            {
              "fixed": "1.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone.app.users"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1b1"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.1"
            },
            {
              "fixed": "4.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-1950"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:52:51Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.",
  "id": "GHSA-2qx8-589j-gcpx",
  "modified": "2024-10-09T21:30:27Z",
  "published": "2018-07-23T20:26:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1950"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2qx8-589j-gcpx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml"
    },
    {
      "type": "WEB",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts"
}

GSD-2011-1950

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Aliases

CVE-2011-1950

Aliases

CVE-2011-1950

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1950",
    "description": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.",
    "id": "GSD-2011-1950"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1950"
      ],
      "details": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.",
      "id": "GSD-2011-1950",
      "modified": "2023-12-13T01:19:08.128576Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-1950",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/44775",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/44775"
          },
          {
            "name": "http://securityreason.com/securityalert/8269",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/8269"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/518155/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/48005",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/48005"
          },
          {
            "name": "http://osvdb.org/72729",
            "refsource": "MISC",
            "url": "http://osvdb.org/72729"
          },
          {
            "name": "http://plone.org/products/plone/security/advisories/CVE-2011-1950",
            "refsource": "MISC",
            "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=4.0.1,\u003c4.0.6",
          "affected_versions": "All versions starting from 4.0.1 before 4.0.6",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-264",
            "CWE-937"
          ],
          "date": "2021-08-31",
          "description": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.",
          "fixed_versions": [
            "4.0.6"
          ],
          "identifier": "CVE-2011-1950",
          "identifiers": [
            "GHSA-2qx8-589j-gcpx",
            "CVE-2011-1950"
          ],
          "not_impacted": "All versions before 4.0.1, all versions starting from 4.0.6",
          "package_slug": "pypi/Plone",
          "pubdate": "2018-07-23",
          "solution": "Upgrade to version 4.0.6 or above.",
          "title": "Moderate severity vulnerability that affects Plone and plone.app.users",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-1950",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695",
            "https://github.com/advisories/GHSA-2qx8-589j-gcpx",
            "http://osvdb.org/72729",
            "http://plone.org/products/plone/security/advisories/CVE-2011-1950",
            "http://secunia.com/advisories/44775",
            "http://securityreason.com/securityalert/8269",
            "http://www.securityfocus.com/archive/1/518155/100/0/threaded",
            "http://www.securityfocus.com/bid/48005"
          ],
          "uuid": "21969f75-bf44-4c56-bfb2-f5b874e5ba7e"
        },
        {
          "affected_range": "\u003e=1.0a1,\u003c1.0.5||\u003e=1.1b1,\u003c1.1.1",
          "affected_versions": "All versions starting from 1.0a1 before 1.0.5, all versions starting from 1.1b1 before 1.1.1",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-264",
            "CWE-937"
          ],
          "date": "2021-08-31",
          "description": "plone.app.users in Plone allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June ",
          "fixed_versions": [
            "1.0.5",
            "1.1.1"
          ],
          "identifier": "CVE-2011-1950",
          "identifiers": [
            "GHSA-2qx8-589j-gcpx",
            "CVE-2011-1950"
          ],
          "not_impacted": "All versions before 1.0a1, all versions starting from 1.0.5 before 1.1b1, all versions starting from 1.1.1",
          "package_slug": "pypi/plone.app.users",
          "pubdate": "2018-07-23",
          "solution": "Upgrade to versions 1.0.5, 1.1.1 or above.",
          "title": "Moderate severity vulnerability that affects Plone and plone.app.users",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-1950",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695",
            "https://github.com/advisories/GHSA-2qx8-589j-gcpx",
            "http://osvdb.org/72729",
            "http://plone.org/products/plone/security/advisories/CVE-2011-1950",
            "http://secunia.com/advisories/44775",
            "http://securityreason.com/securityalert/8269",
            "http://www.securityfocus.com/archive/1/518155/100/0/threaded",
            "http://www.securityfocus.com/bid/48005"
          ],
          "uuid": "469c9cee-3090-43aa-8b01-675a252e775a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1950"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48005",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48005"
            },
            {
              "name": "44775",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44775"
            },
            {
              "name": "http://plone.org/products/plone/security/advisories/CVE-2011-1950",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
            },
            {
              "name": "72729",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/72729"
            },
            {
              "name": "8269",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8269"
            },
            {
              "name": "plone-data-security-bypass(67695)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"
            },
            {
              "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:32Z",
      "publishedDate": "2011-06-06T19:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1950 (GCVE-0-2011-1950)

PYSEC-2011-16

CERTA-2011-AVI-324

Description

Solution

CERTA-2011-AVI-324

Description

Solution

FKIE_CVE-2011-1950

GHSA-2QX8-589J-GCPX

GSD-2011-1950

Tags

Sightings

Nomenclature