
Plone allows anonymous users to reset any user's password through the web via the Password Reset Tool

Moderate severity GitHub Reviewed Published May 1, 2022 to the GitHub Advisory Database • Updated Nov 22, 2024

Package

Plone (pip)

Affected versions

>= 2.5, < 2.5.1

Patched versions

2.5.1

Description

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

References

Published by the National Vulnerability Database Sep 29, 2006
Published to the GitHub Advisory Database May 1, 2022
Reviewed May 9, 2024
Last updated Nov 22, 2024

Severity

Moderate

EPSS score

0.200%
(59th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2006-4247

GHSA ID

GHSA-5hch-v5pq-x4qp

Source code
