CVE-2015-7317

Опубликовано: 25 сент. 2017

Источник: nvd

CVSS3: 6.8

CVSS2: 4.9

EPSS Низкий

Описание

Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.

Ссылки

http://www.openwall.com/lists/oss-security/2015/09/22/15
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1264799
Issue Tracking
Third Party Advisory
https://plone.org/security/hotfix/20150910
Vendor Advisory
https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/09/22/15
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1264799
Issue Tracking
Third Party Advisory
https://plone.org/security/hotfix/20150910
Vendor Advisory
https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kupu_project:kupu:*:*:*:*:*:*:*:*

Версия до 1.4.16 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00252

Низкий

6.8 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2015-7317

redhat

больше 10 лет назад

Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.

GHSA-q4wg-m7gq-8rhw

CVSS3: 6.8

github

больше 3 лет назад

Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.

EPSS

Процентиль: 48%

0.00252

Низкий

6.8 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-264