cvelistv5 - cve-2015-7315

CVE-2015-7315 (GCVE-0-2015-7315)

Vulnerability from cvelistv5 – Published: 2017-09-25 17:00 – Updated: 2024-08-06 07:43

Summary

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1264791	x_refsource_CONFIRM
	https://github.com/zopefoundation/Products.CMFCor…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	https://plone.org/security/hotfix/20150910/anonym…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.123Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
          },
          {
            "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-25T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
        },
        {
          "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
            },
            {
              "name": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406",
              "refsource": "CONFIRM",
              "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
            },
            {
              "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
            },
            {
              "name": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members",
              "refsource": "CONFIRM",
              "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7315",
    "datePublished": "2017-09-25T17:00:00",
    "dateReserved": "2015-09-22T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDC93803-6506-4382-A013-18010EE7E06B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E65977FD-A880-4D16-B56B-94A72774F42D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EA5B4F8-2155-403D-97D8-1272285D508B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3CA2943-77E5-4384-A019-415BBCE62F94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"538A3519-5B04-4FE5-A3C0-FD26EFA32705\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"858CBC5A-C241-475C-8125-C5EA351B12A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E08F4534-A588-463F-A745-39E559AB1CB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B64341BA-5722-415E-9771-9837168AB7C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2929227-AE19-428D-9AC3-D312A559039B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B6DC866-0FEE-475B-855C-A69E004810CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50BF3E8E-152C-4E89-BAA2-A952D10F4611\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1F88BF6-9058-4CB8-A2D6-5653860CF489\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2AA3FA2-15C3-444A-8810-5EF3E0E84D58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72F3B15A-CD0F-4CC5-A76F-E62637B30E2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D913FCA7-4DAE-4E9A-9146-9AFA8472B04B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C44B53B-953B-4522-A5B4-11573850D2CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8883023-113A-420A-97B6-A4A9B29CF7DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DF4D113-8D9D-4DA3-A177-64783352F608\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28F9B699-D1A4-425C-84ED-6A8FD29BE7F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47321B60-67DA-4543-B173-D629A9569B45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58B36EB2-723F-4E25-8018-EEB2BE806D9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7962EF74-6AC1-424C-A202-163AFDADA971\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F1818BB-E23A-4136-898D-1D0C80C08728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CB06627-133A-40D1-8816-E31E0A9BAD22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE7E448A-2C0C-4DE0-89EA-904718CB6C6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E727C5C-9E54-49F7-B92C-2492069AAE08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFD68465-4CDC-4788-8932-41335B5C4AC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7B739E0-FB73-401C-AB1A-E3C1434AA2A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCC8B987-5173-4C61-8DE6-B70C18EE6FD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38BA31E8-77EC-478B-BC6E-E2F145A8B9BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE168A35-1A46-4A6F-8A08-25CDD886066D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFE0FC06-369B-46CF-9B1E-BAF7AF87E950\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56571585-E9A2-4B78-B2B1-5D8EADED522A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CDF8A15-401C-453E-8D09-8D4CDD4766DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"043B3CBE-DEA2-474D-AA57-1830A470B621\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A6842B-B479-4D91-928A-1CCE1DCB936E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AF9FB6C-134F-4653-8771-1BF46AB39344\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.\"}, {\"lang\": \"es\", \"value\": \"Plone desde la versi\\u00f3n 3.3.0 hasta la 3.3.6, desde la 4.0.0 hasta la 4.0.10, desde la 4.1.0 hasta la 4.1.6, desde la 4.2.0 hasta la 4.2.7, desde la 4.3.0 hasta la 4.3.6 y la 5.0rc1 permite que los atacantes remotos a\\u00f1adan un nuevo miembro a un sitio Plone con el registro activado, sin el conocimiento del administrador del sitio.\"}]",
      "id": "CVE-2015-7315",
      "lastModified": "2024-11-21T02:36:34.360",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-09-25T17:29:00.537",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2015/09/22/13\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1264791\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/09/22/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1264791\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7315\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-25T17:29:00.537\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.\"},{\"lang\":\"es\",\"value\":\"Plone desde la versi\u00f3n 3.3.0 hasta la 3.3.6, desde la 4.0.0 hasta la 4.0.10, desde la 4.1.0 hasta la 4.1.6, desde la 4.2.0 hasta la 4.2.7, desde la 4.3.0 hasta la 4.3.6 y la 5.0rc1 permite que los atacantes remotos a\u00f1adan un nuevo miembro a un sitio Plone con el registro activado, sin el conocimiento del administrador del sitio.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDC93803-6506-4382-A013-18010EE7E06B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E65977FD-A880-4D16-B56B-94A72774F42D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA5B4F8-2155-403D-97D8-1272285D508B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3CA2943-77E5-4384-A019-415BBCE62F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"538A3519-5B04-4FE5-A3C0-FD26EFA32705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858CBC5A-C241-475C-8125-C5EA351B12A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08F4534-A588-463F-A745-39E559AB1CB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B64341BA-5722-415E-9771-9837168AB7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2929227-AE19-428D-9AC3-D312A559039B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B6DC866-0FEE-475B-855C-A69E004810CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50BF3E8E-152C-4E89-BAA2-A952D10F4611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F88BF6-9058-4CB8-A2D6-5653860CF489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AA3FA2-15C3-444A-8810-5EF3E0E84D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72F3B15A-CD0F-4CC5-A76F-E62637B30E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D913FCA7-4DAE-4E9A-9146-9AFA8472B04B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C44B53B-953B-4522-A5B4-11573850D2CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8883023-113A-420A-97B6-A4A9B29CF7DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DF4D113-8D9D-4DA3-A177-64783352F608\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28F9B699-D1A4-425C-84ED-6A8FD29BE7F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47321B60-67DA-4543-B173-D629A9569B45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58B36EB2-723F-4E25-8018-EEB2BE806D9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7962EF74-6AC1-424C-A202-163AFDADA971\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F1818BB-E23A-4136-898D-1D0C80C08728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CB06627-133A-40D1-8816-E31E0A9BAD22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7E448A-2C0C-4DE0-89EA-904718CB6C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E727C5C-9E54-49F7-B92C-2492069AAE08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD68465-4CDC-4788-8932-41335B5C4AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7B739E0-FB73-401C-AB1A-E3C1434AA2A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC8B987-5173-4C61-8DE6-B70C18EE6FD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38BA31E8-77EC-478B-BC6E-E2F145A8B9BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE168A35-1A46-4A6F-8A08-25CDD886066D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE0FC06-369B-46CF-9B1E-BAF7AF87E950\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56571585-E9A2-4B78-B2B1-5D8EADED522A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CDF8A15-401C-453E-8D09-8D4CDD4766DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"043B3CBE-DEA2-474D-AA57-1830A470B621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A6842B-B479-4D91-928A-1CCE1DCB936E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF9FB6C-134F-4653-8771-1BF46AB39344\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2015/09/22/13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1264791\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/09/22/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1264791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2015-7315

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7315

Aliases

CVE-2015-7315

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7315",
    "description": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.",
    "id": "GSD-2015-7315"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7315"
      ],
      "details": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.",
      "id": "GSD-2015-7315",
      "modified": "2023-12-13T01:20:01.506641Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7315",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
          },
          {
            "name": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406",
            "refsource": "CONFIRM",
            "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
          },
          {
            "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
          },
          {
            "name": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members",
            "refsource": "CONFIRM",
            "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.3.1",
          "affected_versions": "All versions before 2.3.1",
          "credit": "Maurits van Rees at Zest Software",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-284",
            "CWE-937"
          ],
          "date": "2017-10-03",
          "description": "A vulnerability that allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.",
          "fixed_versions": [
            "2.3.1"
          ],
          "identifier": "CVE-2015-7315",
          "identifiers": [
            "CVE-2015-7315"
          ],
          "package_slug": "pypi/Products.CMFCore",
          "pubdate": "2017-09-25",
          "solution": "Upgrade to 2.3.1 or above.",
          "title": "Anonymous is able to create Plone members",
          "urls": [
            "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406",
            "https://plone.org/security/20150910",
            "https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members",
            "https://pypi.python.org/pypi/Products.PloneHotfix20150910"
          ],
          "uuid": "237a3547-a6fc-4ea5-b81d-66dccc8b7298"
        },
        {
          "affected_range": "\u003e=3.3.0,\u003c4.3.6||\u003e=5.0a1,\u003c5.0rc2",
          "affected_versions": "All versions starting from 3.3.0 before 4.3.6, all versions starting from 5.0a1 before 5.0rc2",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-284",
            "CWE-937"
          ],
          "date": "2023-08-16",
          "description": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.",
          "fixed_versions": [
            "4.3.7",
            "5.0rc2"
          ],
          "identifier": "CVE-2015-7315",
          "identifiers": [
            "GHSA-984m-rj28-8c6x",
            "CVE-2015-7315"
          ],
          "not_impacted": "All versions before 3.3.0, all versions starting from 4.3.6 before 5.0a1, all versions starting from 5.0rc2",
          "package_slug": "pypi/Products.CMFPlone",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to versions 4.3.7, 5.0rc2 or above.",
          "title": "Improper Access Control",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2015-7315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1264791",
            "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members",
            "http://www.openwall.com/lists/oss-security/2015/09/22/13",
            "https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016",
            "https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542",
            "https://pypi.org/project/Products.PloneHotfix20150910/",
            "https://github.com/advisories/GHSA-984m-rj28-8c6x"
          ],
          "uuid": "a89696cb-d408-4a19-b8c7-605385a17fa0"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7315"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
            },
            {
              "name": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
            },
            {
              "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-10-03T15:17Z",
      "publishedDate": "2017-09-25T17:29Z"
    }
  }
}

CNVD-2017-30367

Vulnerability from cnvd - Published: 2017-10-17

Title

Plone设计漏洞

Description

Plone是美国Plone基金会的一套建立在应用服务器（Zope）上的免费且开源的内容管理系统（CMS）。该系统采用Python语言开发，适用于门户网站、企业内外网站、文档发布系统等。 Plone中存在设计漏洞。攻击者可利用该漏洞添加新成员。

Severity

中

Patch Name

Plone设计漏洞的补丁

Patch Description

Plone是美国Plone基金会的一套建立在应用服务器（Zope）上的免费且开源的内容管理系统（CMS）。该系统采用Python语言开发，适用于门户网站、企业内外网站、文档发布系统等。 Plone中存在设计漏洞。攻击者可利用该漏洞添加新成员。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members

Reference

http://www.openwall.com/lists/oss-security/2015/09/22/13

Impacted products

Name
['Plone Plone >=3.3.0，<=3.3.6', 'Plone Plone >=4.0.0，<=4.0.10', 'Plone Plone >=4.1.0，<=4.1.6', 'Plone Plone >=4.2.0，<=4.2.7', 'Plone Plone >=4.3.0，<=4.3.6', 'Plone Plone 5.0rc1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7315",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7315"
    }
  },
  "description": "Plone\u662f\u7f8e\u56fdPlone\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5efa\u7acb\u5728\u5e94\u7528\u670d\u52a1\u5668\uff08Zope\uff09\u4e0a\u7684\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\u8be5\u7cfb\u7edf\u91c7\u7528Python\u8bed\u8a00\u5f00\u53d1\uff0c\u9002\u7528\u4e8e\u95e8\u6237\u7f51\u7ad9\u3001\u4f01\u4e1a\u5185\u5916\u7f51\u7ad9\u3001\u6587\u6863\u53d1\u5e03\u7cfb\u7edf\u7b49\u3002\r\n\r\nPlone\u4e2d\u5b58\u5728\u8bbe\u8ba1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6dfb\u52a0\u65b0\u6210\u5458\u3002",
  "discovererName": "Adam Mari\u0161",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-30367",
  "openTime": "2017-10-17",
  "patchDescription": "Plone\u662f\u7f8e\u56fdPlone\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5efa\u7acb\u5728\u5e94\u7528\u670d\u52a1\u5668\uff08Zope\uff09\u4e0a\u7684\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\u8be5\u7cfb\u7edf\u91c7\u7528Python\u8bed\u8a00\u5f00\u53d1\uff0c\u9002\u7528\u4e8e\u95e8\u6237\u7f51\u7ad9\u3001\u4f01\u4e1a\u5185\u5916\u7f51\u7ad9\u3001\u6587\u6863\u53d1\u5e03\u7cfb\u7edf\u7b49\u3002\r\n\r\nPlone\u4e2d\u5b58\u5728\u8bbe\u8ba1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6dfb\u52a0\u65b0\u6210\u5458\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Plone\u8bbe\u8ba1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Plone Plone \u003e=3.3.0\uff0c\u003c=3.3.6",
      "Plone Plone \u003e=4.0.0\uff0c\u003c=4.0.10",
      "Plone Plone \u003e=4.1.0\uff0c\u003c=4.1.6",
      "Plone Plone \u003e=4.2.0\uff0c\u003c=4.2.7",
      "Plone Plone \u003e=4.3.0\uff0c\u003c=4.3.6",
      "Plone Plone 5.0rc1"
    ]
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2015/09/22/13",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-12",
  "title": "Plone\u8bbe\u8ba1\u6f0f\u6d1e"
}

PYSEC-2017-52

Vulnerability from pysec - Published: 2017-09-25 17:29 - Updated: 2021-07-25 23:34

Details

Impacted products

Name	purl
plone	pkg:pypi/plone

Aliases

CVE-2015-7315

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone",
        "purl": "pkg:pypi/plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "e1d981bfa14b664317285f0f36498f4be4a23406"
            }
          ],
          "repo": "https://github.com/zopefoundation/Products.CMFCore",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "3.3"
            },
            {
              "fixed": "4.0a1"
            },
            {
              "introduced": "4.0"
            },
            {
              "fixed": "4.1a1"
            },
            {
              "introduced": "4.1"
            },
            {
              "fixed": "4.2a1"
            },
            {
              "introduced": "4.2"
            },
            {
              "fixed": "4.3a1"
            },
            {
              "introduced": "4.3"
            },
            {
              "fixed": "4.3.7"
            },
            {
              "introduced": "5.0a1"
            },
            {
              "fixed": "5.0rc2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.3",
        "3.3.1",
        "3.3.2",
        "3.3.3",
        "3.3.4",
        "3.3.5",
        "3.3.6",
        "4.0",
        "4.0.1",
        "4.0.10",
        "4.0.2",
        "4.0.3",
        "4.0.4",
        "4.0.5",
        "4.0.6",
        "4.0.7",
        "4.0.8",
        "4.0.9",
        "4.1",
        "4.1.1",
        "4.1.2",
        "4.1.3",
        "4.1.4",
        "4.1.5",
        "4.1.6",
        "4.2",
        "4.2.1",
        "4.2.2",
        "4.2.3",
        "4.2.4",
        "4.2.5",
        "4.2.6",
        "4.2.7",
        "4.3",
        "4.3.1",
        "4.3.2",
        "4.3.3",
        "4.3.4",
        "4.3.5",
        "4.3.6",
        "5.0a1",
        "5.0a2",
        "5.0a3",
        "5.0b1",
        "5.0b2",
        "5.0b3",
        "5.0b4",
        "5.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2015-7315"
  ],
  "details": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.",
  "id": "PYSEC-2017-52",
  "modified": "2021-07-25T23:34:48.187458Z",
  "published": "2017-09-25T17:29:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
    },
    {
      "type": "FIX",
      "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
    }
  ]
}

FKIE_CVE-2015-7315

Vulnerability from fkie_nvd - Published: 2017-09-25 17:29 - Updated: 2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/09/22/13	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1264791	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/09/22/13	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1264791	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members	Vendor Advisory

Impacted products

Vendor	Product	Version
plone	plone	3.3
plone	plone	3.3.1
plone	plone	3.3.2
plone	plone	3.3.3
plone	plone	3.3.4
plone	plone	3.3.5
plone	plone	3.3.6
plone	plone	4.0
plone	plone	4.0.1
plone	plone	4.0.2
plone	plone	4.0.3
plone	plone	4.0.4
plone	plone	4.0.5
plone	plone	4.0.7
plone	plone	4.0.8
plone	plone	4.0.9
plone	plone	4.0.10
plone	plone	4.1
plone	plone	4.1.1
plone	plone	4.1.2
plone	plone	4.1.3
plone	plone	4.1.4
plone	plone	4.1.5
plone	plone	4.1.6
plone	plone	4.2
plone	plone	4.2.1
plone	plone	4.2.2
plone	plone	4.2.3
plone	plone	4.2.4
plone	plone	4.2.5
plone	plone	4.2.6
plone	plone	4.2.7
plone	plone	4.3
plone	plone	4.3.1
plone	plone	4.3.2
plone	plone	4.3.3
plone	plone	4.3.4
plone	plone	4.3.5
plone	plone	4.3.6
plone	plone	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator."
    },
    {
      "lang": "es",
      "value": "Plone desde la versi\u00f3n 3.3.0 hasta la 3.3.6, desde la 4.0.0 hasta la 4.0.10, desde la 4.1.0 hasta la 4.1.6, desde la 4.2.0 hasta la 4.2.7, desde la 4.3.0 hasta la 4.3.6 y la 5.0rc1 permite que los atacantes remotos a\u00f1adan un nuevo miembro a un sitio Plone con el registro activado, sin el conocimiento del administrador del sitio."
    }
  ],
  "id": "CVE-2015-7315",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-25T17:29:00.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-984M-RJ28-8C6X

Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2024-10-18 21:43

Summary

Plone unauthorized member addition vulnerability

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

8.2 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 4.3.6"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "Products.CMFPlone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "fixed": "4.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Products.CMFPlone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0a1"
            },
            {
              "fixed": "5.0rc2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3"
            },
            {
              "last_affected": "3.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0a1"
            },
            {
              "last_affected": "4.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1a1"
            },
            {
              "last_affected": "4.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2a1"
            },
            {
              "last_affected": "4.2.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3a1"
            },
            {
              "last_affected": "4.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "versions": [
        "5.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2015-7315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-07T19:57:45Z",
    "nvd_published_at": "2017-09-25T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.",
  "id": "GHSA-984m-rj28-8c6x",
  "modified": "2024-10-18T21:43:36Z",
  "published": "2022-05-17T00:35:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7315"
    },
    {
      "type": "WEB",
      "url": "https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016"
    },
    {
      "type": "WEB",
      "url": "https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/plone/Products.CMFPlone"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml"
    },
    {
      "type": "WEB",
      "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/Products.PloneHotfix20150910"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Plone unauthorized member addition vulnerability"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7315 (GCVE-0-2015-7315)

GSD-2015-7315

CNVD-2017-30367

PYSEC-2017-52

FKIE_CVE-2015-7315

GHSA-984M-RJ28-8C6X

Tags

Sightings

Nomenclature