What is GHSA-5hch-v5pq-x4qp?

GHSA-5hch-v5pq-x4qp is a security advisory published by GitHub Security Advisories with High severity. Plone allows anonymous users to reset any users password through the web via Password Reset Tool

Which CVE IDs does GHSA-5hch-v5pq-x4qp cover?

GHSA-5hch-v5pq-x4qp covers the following CVE IDs: CVE-2006-4247. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-5hch-v5pq-x4qp?

GHSA-5hch-v5pq-x4qp has a CVSS v3 base score of 9.1, published by GitHub Security Advisories.

Which products are affected by GHSA-5hch-v5pq-x4qp?

GHSA-5hch-v5pq-x4qp affects 1 product, including: pip/Plone:\u003e= 2.5, \u003c 2.5.1.

GHSA-5hch-v5pq-x4qpHighCVSS 9.1

Plone allows anonymous users to reset any users password through the web via Password Reset Tool

Vendor

GitHub Security Advisories

Published

May 1, 2022

Last Modified

June 6, 2026

🔗 CVE IDs covered (1)

CVE-2006-4247 →

📋 Description

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

🎯 Affected products1

pip/Plone:>= 2.5, < 2.5.1

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2006-4247
http://plone.org/about/security/advisories/cve-2006-4247
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-5.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-9.yaml
https://github.com/advisories/GHSA-5hch-v5pq-x4qp