Description

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.

Remediation

References

CVE-2013-4198

Related Vulnerabilities

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1023)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.32)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Multiple Vulnerabilities (1.9.2.2)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13632)

IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-4156)

Severity

Medium

Classification

CVE-2013-4198 CWE-264

Tags

Missing Update Known Vulnerabilities