HIGH✓ PATCH🇬🇧 English

CVE-2021-33926

CVSS 8.8v3.1pub. 2023-02-17upd. 2025-03-19

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Plone

    APP
    Plone
    4.34.3.14.3.104.3.114.3.124.3.144.3.154.3.174.3.184.3.194.3.24.3.204.3.34.3.44.3.5+ 34 więcej
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-33509CRITICAL9.9ten sam produkt

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to ...

CVE-2020-35190CRITICAL9.8ten sam produkt

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password fo...

CVE-2020-7941CRITICAL9.8ten sam produkt

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwri...

CVE-2024-22889HIGH7.5ten sam produkt

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted o...

CVE-2024-23756HIGH7.5ten sam produkt

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unaut...