CVE-2011-1950: Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts

July 23, 2018 (updated October 9, 2024)

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

References

exchange.xforce.ibmcloud.com/vulnerabilities/67695
github.com/advisories/GHSA-2qx8-589j-gcpx
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml
nvd.nist.gov/vuln/detail/CVE-2011-1950

Detect and mitigate CVE-2011-1950 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →