Vulnerability Details CVE-2015-7317
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.9
References
- http://www.openwall.com/lists/oss-security/2015/09/22/15
- https://bugzilla.redhat.com/show_bug.cgi?id=1264799
- https://plone.org/security/hotfix/20150910
- https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu
- http://www.openwall.com/lists/oss-security/2015/09/22/15
- https://bugzilla.redhat.com/show_bug.cgi?id=1264799
- https://plone.org/security/hotfix/20150910
- https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu
Products affected by CVE-2015-7317
-
cpe:2.3:a:kupu_project:kupu:1.4.16
-
cpe:2.3:a:plone:plone:3.3
-
cpe:2.3:a:plone:plone:3.3.1
-
cpe:2.3:a:plone:plone:3.3.2
-
cpe:2.3:a:plone:plone:3.3.3
-
cpe:2.3:a:plone:plone:3.3.4
-
cpe:2.3:a:plone:plone:3.3.5
-
cpe:2.3:a:plone:plone:3.3.6
-
cpe:2.3:a:plone:plone:4.0
-
cpe:2.3:a:plone:plone:4.0.1
-
cpe:2.3:a:plone:plone:4.0.10
-
cpe:2.3:a:plone:plone:4.0.2
-
cpe:2.3:a:plone:plone:4.0.3
-
cpe:2.3:a:plone:plone:4.0.4
-
cpe:2.3:a:plone:plone:4.0.5
-
cpe:2.3:a:plone:plone:4.0.6.1
-
cpe:2.3:a:plone:plone:4.0.7
-
cpe:2.3:a:plone:plone:4.0.8
-
cpe:2.3:a:plone:plone:4.0.9
-
cpe:2.3:a:plone:plone:4.1
-
cpe:2.3:a:plone:plone:4.1.1
-
cpe:2.3:a:plone:plone:4.1.2
-
cpe:2.3:a:plone:plone:4.1.3
-
cpe:2.3:a:plone:plone:4.1.4
-
cpe:2.3:a:plone:plone:4.1.5
-
cpe:2.3:a:plone:plone:4.1.6
-
cpe:2.3:a:plone:plone:4.2
-
cpe:2.3:a:plone:plone:4.2.1
-
cpe:2.3:a:plone:plone:4.2.2
-
cpe:2.3:a:plone:plone:4.2.3
-
cpe:2.3:a:plone:plone:4.2.4
-
cpe:2.3:a:plone:plone:4.2.5
-
cpe:2.3:a:plone:plone:4.2.6
-
cpe:2.3:a:plone:plone:4.2.7