—

PYSEC-2011-16

Details

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 0 Fixed in: 4.1.1

Fix pip install --upgrade 'plone>=4.1.1'

References

http://www.securityfocus.com/bid/48005 [WEB]
http://secunia.com/advisories/44775 [ADVISORY]
http://plone.org/products/plone/security/advisories/CVE-2011-1950 [ADVISORY]
http://osvdb.org/72729 [WEB]
http://securityreason.com/securityalert/8269 [WEB]
https://exchange.xforce.ibmcloud.com/vulnerabilities/67695 [WEB]
http://www.securityfocus.com/archive/1/518155/100/0/threaded [WEB]
https://github.com/advisories/GHSA-2qx8-589j-gcpx [ADVISORY]