Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2013-4198 - Vulnerability Database

Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2013-4198

Medium

Reference: CVE-2013-4198

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-4198

Title: Plone CMS Permissions Privileges and Access Controls Vulnerability

Overview:

mail_password.py in Plone 2.1 through 4.1 4.2.x through 4.2.5 and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.