CyberSec.Space Logo
Back to CVE Browser

CVE-2020-7941

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile34.43th
PublishedJan 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

Affected Platforms (CPE)

πŸ“¦
Plone

Plone

>= 4.3.0 and <= 5.2.1

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2020/01/24/1
πŸ”— https://plone.org/security/hotfix/20200121
πŸ”— https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
πŸ”— https://www.openwall.com/lists/oss-security/2020/01/22/1
πŸ”— http://www.openwall.com/lists/oss-security/2020/01/24/1
πŸ”— https://plone.org/security/hotfix/20200121
πŸ”— https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
πŸ”— https://www.openwall.com/lists/oss-security/2020/01/22/1

Related Vulnerabilities

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-335099.9

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...

CVE-2011-35879.3

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remo...