CRITICAL✓ PATCH🇬🇧 English

CVE-2020-7941

CVSS 9.8v3.1pub. 2020-01-23upd. 2024-11-21

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Plone

    APP
    Plone
    4.3.0 – 5.2.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2021-33509CRITICAL9.9ten sam produkt

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to ...

CVE-2020-35190CRITICAL9.8ten sam produkt

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password fo...

CVE-2024-22889HIGH7.5ten sam produkt

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted o...

CVE-2024-23756HIGH7.5ten sam produkt

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unaut...

CVE-2021-33926HIGH8.8ten sam produkt

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1,...

CVE-2020-7941 — CRITICAL 9.8 | CVEbaza.pl