CVE-2015-7317

EUVD-2015-7243
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
kupu_projectkupu
𝑥
≤ 1.4.16
ploneplone
3.3
ploneplone
3.3.1
ploneplone
3.3.2
ploneplone
3.3.3
ploneplone
3.3.4
ploneplone
3.3.5
ploneplone
3.3.6
ploneplone
4.0
ploneplone
4.0.1
ploneplone
4.0.2
ploneplone
4.0.3
ploneplone
4.0.4
ploneplone
4.0.5
ploneplone
4.0.6.1
ploneplone
4.0.7
ploneplone
4.0.8
ploneplone
4.0.9
ploneplone
4.0.10
ploneplone
4.1
ploneplone
4.1.1
ploneplone
4.1.2
ploneplone
4.1.3
ploneplone
4.1.4
ploneplone
4.1.5
ploneplone
4.1.6
ploneplone
4.2
ploneplone
4.2.1
ploneplone
4.2.2
ploneplone
4.2.3
ploneplone
4.2.4
ploneplone
4.2.5
ploneplone
4.2.6
ploneplone
4.2.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/09/22/15
https://bugzilla.redhat.com/show_bug.cgi?id=1264799
https://plone.org/security/hotfix/20150910
https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu
http://www.openwall.com/lists/oss-security/2015/09/22/15
https://bugzilla.redhat.com/show_bug.cgi?id=1264799
https://plone.org/security/hotfix/20150910
https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu