An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HPlone
APPPlone4.34.3.14.3.104.3.114.3.124.3.144.3.154.3.174.3.184.3.194.3.24.3.204.3.34.3.44.3.5+ 34 więcej
Related vulnerabilities
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to ...
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password fo...
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwri...
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted o...
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unaut...