Vulnerability CVE-2015-7317


Published: 2017-09-25

Description:
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.

Vendor: Plone
Product: Plone 
Version:
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0.9
4.0.8
4.0.7
4.0.6.1
4.0.5
4.0.4
4.0.3
4.0.2
4.0.10
4.0.1
4.0
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3
Vendor: Kupu project
Product: KUPU 
Version: 1.4.16;

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
4.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://www.openwall.com/lists/oss-security/2015/09/22/15
https://bugzilla.redhat.com/show_bug.cgi?id=1264799
https://plone.org/security/hotfix/20150910
https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu

Copyright 2019, cxsecurity.com

 

Back to Top