
Plone privilege escalation due to improper authorization

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated May 9, 2024

Package

pip Plone (pip)

Affected versions

>= 2.1, <= 4.1
>= 4.2, < 4.2.6
>= 4.3, < 4.3.2

Patched versions

4.2.6
4.3.2

No fixed release is listed for the 2.1 through 4.1 series; installations on those versions need to move to 4.2.6 or later on the 4.2 line, or 4.3.2 or later on the 4.3 line.

Description

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
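The advisory gives no vectors, so the following is an added illustration of the general flaw class rather than Plone's code or its fix: a traversal that resolves paths relative to a subtree administrator's context without checking that the resolved object still lies inside that subtree. The tree, node names and the `scoped_resolve` helper are assumptions constructed for this example; the check is on the resolved object, not on the path string, which is the property a reviewer would want to see in any fix for this class of bug.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(eq=False)
class Node:
    """A content node; parent links model upward (acquisition-style) lookups.
    Constructed for this example, not a Plone/Zope class."""
    name: str
    parent: Node | None = None
    children: dict[str, Node] = field(default_factory=dict)

    def add(self, name: str) -> Node:
        child = Node(name, parent=self)
        self.children[name] = child
        return child

    def root(self) -> Node:
        node = self
        while node.parent is not None:
            node = node.parent
        return node

    def full_path(self) -> str:
        parts = []
        node = self
        while node.parent is not None:
            parts.append(node.name)
            node = node.parent
        return "/" + "/".join(reversed(parts))


def resolve(start: Node, path: str) -> Node:
    """Unscoped traversal: '..' climbs to the parent, a leading '/' restarts at
    the site root. On its own this is the improper-authorization pattern:
    nothing stops a caller whose rights are confined to `start` from walking
    above it."""
    node = start.root() if path.startswith("/") else start
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            node = node.parent or node
            continue
        try:
            node = node.children[segment]
        except KeyError:
            raise LookupError(f"no child {segment!r} under {node.full_path()}") from None
    return node


def is_within(node: Node | None, scope: Node) -> bool:
    """True if `node` is `scope` itself or lies anywhere beneath it."""
    while node is not None:
        if node is scope:
            return True
        node = node.parent
    return False


def scoped_resolve(scope: Node, start: Node, path: str) -> Node:
    """Hardened traversal (hypothetical helper): resolve, then refuse any
    target outside `scope`. Checking the resolved object rather than the path
    text covers '..', absolute paths and any other route out of the subtree."""
    if not is_within(start, scope):
        raise PermissionError(f"start {start.full_path()} is outside {scope.full_path()}")
    target = resolve(start, path)
    if not is_within(target, scope):
        raise PermissionError(f"{target.full_path()} is outside {scope.full_path()}")
    return target


def build_site() -> Node:
    """Constructed sample tree; names are illustrative only."""
    root = Node("")
    root.add("acl_users")
    departments = root.add("departments")
    engineering = departments.add("engineering")
    engineering.add("wiki")
    departments.add("finance").add("reports")
    return root


def demo() -> dict[str, str]:
    """A subtree admin for /departments/engineering tries to reach nodes
    inside and above their subtree through both traversal functions."""
    root = build_site()
    eng = root.children["departments"].children["engineering"]
    results: dict[str, str] = {}
    results["inside"] = scoped_resolve(eng, eng, "wiki").full_path()
    # The unscoped resolver happily climbs to a sibling subtree and to the
    # site-wide user folder; the scoped resolver refuses both.
    results["unscoped_sibling"] = resolve(eng, "../finance/reports").full_path()
    results["unscoped_users"] = resolve(eng, "/acl_users").full_path()
    for path in ("../finance/reports", "/acl_users", "wiki/../.."):
        try:
            scoped_resolve(eng, eng, path)
            results[path] = "allowed"
        except PermissionError:
            results[path] = "denied"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When auditing a fix for a report like this one, the question to ask of each of the named traversal entry points is the same one `scoped_resolve` answers: after the path is resolved, is the object actually inside the caller's authorized subtree, regardless of how the path was spelled.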

References

Published by the National Vulnerability Database Mar 11, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed Apr 29, 2024
Last updated May 9, 2024

Severity

Moderate

EPSS score

0.332%
(71st percentile)

Weaknesses

No CWEs

CVE ID

CVE-2013-4189

GHSA ID

GHSA-pwpq-632g-h49g

Source code
