Lucene search

GitHub Advisory DatabaseGHSA-F5H9-3HPF-9J8M

HistoryMay 17, 2022 - 4:49 a.m.

Plone is vulnerable to email spoofing

2022-05-1704:49:45

CWE-20

GitHub Advisory Database

github.com

plone

email spoofing

vulnerability

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

48.3%

JSON

sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.

Affected configurations

Vulners

Node

ploneploneRange<4.3.2

ploneploneRange<4.2.6

ploneploneRange2.1≥

ploneploneRange≤4.1

References

plone.org/products/plone-hotfix/releases/20130618

plone.org/products/plone/security/advisories/20130618-announcement

seclists.org/oss-sec/2013/q3/261

bugzilla.redhat.com/show_bug.cgi?id=978464

github.com/advisories/GHSA-f5h9-3hpf-9j8m

nvd.nist.gov/vuln/detail/CVE-2013-4192

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

48.3%

JSON

Related for GHSA-F5H9-3HPF-9J8M