Lucene search

[email protected]CVE-2006-1711

HistoryApr 11, 2006 - 6:06 p.m.

CVE-2006-1711

2006-04-1118:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1711

plone

unauthorized access

portrait modification

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.146 Low

EPSS

Percentile

95.8%

JSON

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Affected configurations

NVD

Node

ploneploneMatch2.0.5

ploneploneMatch2.1.2

ploneploneMatch2.5_beta1

CPENameOperatorVersion
plone:ploneploneeq2.0.5
plone:ploneploneeq2.1.2
plone:ploneploneeq2.5_beta1

CPE	Name	Operator	Version
plone:plone	plone	eq	2.0.5
plone:plone	plone	eq	2.1.2
plone:plone	plone	eq	2.5_beta1

References

dev.plone.org/plone/ticket/5432

secunia.com/advisories/19633

secunia.com/advisories/19640

www.debian.org/security/2006/dsa-1032

www.securityfocus.com/bid/17484

www.vupen.com/english/advisories/2006/1340

exchange.xforce.ibmcloud.com/vulnerabilities/25781

svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.146 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2006-1711

openvas6 nvd1 github1 nessus4 prion1 freebsd2 osv1 ubuntucve1 cvelist1 debian1 securityvulns1