CyberSec.Space Logo
Back to CVE Browser

CVE-2021-33509

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile42.46th
PublishedMay 21, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

Affected Platforms (CPE)

πŸ“¦
Plone

Plone

<= 5.2.4

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2021/05/22/1
πŸ”— https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
πŸ”— http://www.openwall.com/lists/oss-security/2021/05/22/1
πŸ”— https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script

Related Vulnerabilities

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2011-35879.3

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remo...