Bug 209163

Summary: CVE-2006-4247: plone password reset vulnerability
Product: [Fedora] Fedora Reporter: Ville Skyttä <scop>
Component: ploneAssignee: Aurelien Bompard <gauret>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: urgent    
Version: 5CC: extras-qa, fedora-security-list
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-05 17:12:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2006-10-03 17:39:16 UTC 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4247

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 
and 2.5.1 Release Candidate allows attackers to reset the passwords of other 
users, related to "an erroneous security declaration."

According to info in upstream advisory, 2.5* (FC-5 and devel) are affected, 
2.1.* (FC-3 and FC-4) not.
Comment 1 Aurelien Bompard 2006-10-05 17:12:36 UTC 
Fixed and updated, thanks