CVE-2011-1950
Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.76%
Description
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
How to fix CVE-2011-1950
To remediate CVE-2011-1950, upgrade each affected package to the fixed version listed below.
- PyPI/plone—upgrade to 4.0.6 or later
- —upgrade to 4.1.1 or later
- —upgrade to 1.0.5 or later
Is CVE-2011-1950 being exploited?
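Low: EPSS is 0.8%, meaning exploitation activity has not been observed at scale. The description does record exploitation in the wild in June 2011, and the CVSS 4.0 vector carries E:A.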
Affected packages (3)
- >= 4.0.1, < 4.0.6
- from 0, < 4.1.1
- >= 1.0a1, < 1.0.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |