What is GHSA-r7j4-82xw-8m9p?

GHSA-r7j4-82xw-8m9p is a security advisory published by GitHub Security Advisories with Medium severity. Plone allows a user to masquerade as a group

Which CVE IDs does GHSA-r7j4-82xw-8m9p cover?

GHSA-r7j4-82xw-8m9p covers the following CVE IDs: CVE-2006-4249. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-r7j4-82xw-8m9p?

GHSA-r7j4-82xw-8m9p has a CVSS v3 base score of 5.9, published by GitHub Security Advisories.

Which products are affected by GHSA-r7j4-82xw-8m9p?

GHSA-r7j4-82xw-8m9p affects 1 product, including: pip/Plone:\u003e= 2.5, \u003c= 2.5.1.

GHSA-r7j4-82xw-8m9pMediumCVSS 5.9

Plone allows a user to masquerade as a group

Vendor

GitHub Security Advisories

Published

May 1, 2022

Last Modified

June 6, 2026

🔗 CVE IDs covered (1)

CVE-2006-4249 →

📋 Description

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."

🎯 Affected products1

pip/Plone:>= 2.5, <= 2.5.1

🔗 References (10)

https://nvd.nist.gov/vuln/detail/CVE-2006-4249
https://exchange.xforce.ibmcloud.com/vulnerabilities/30762
http://plone.org/about/security/advisories/cve-2006-4249
http://plone.org/products/plone-hotfix/releases/20061031
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-6.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-10.yaml
http://secunia.com/advisories/23240
http://www.securityfocus.com/bid/21460
http://www.vupen.com/english/advisories/2006/4878
https://github.com/advisories/GHSA-r7j4-82xw-8m9p