CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-33926

HIGH
8.8
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile9.51th
Published2023年2月17日
Last Modified2025年3月19日

Vulnerability Description

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.

Affected Platforms (CPE)

📦
Plone

Plone

= 4.3
📦
Plone

Plone

= 4.3.1
📦
Plone

Plone

= 4.3.2
📦
Plone

Plone

= 4.3.3
📦
Plone

Plone

= 4.3.4
📦
Plone

Plone

= 4.3.5
📦
Plone

Plone

= 4.3.6
📦
Plone

Plone

= 4.3.7
📦
Plone

Plone

= 4.3.8
📦
Plone

Plone

= 4.3.9
📦
Plone

Plone

= 4.3.10
📦
Plone

Plone

= 4.3.11
📦
Plone

Plone

= 4.3.12
📦
Plone

Plone

= 4.3.14
📦
Plone

Plone

= 4.3.15
📦
Plone

Plone

= 4.3.17
📦
Plone

Plone

= 4.3.18
📦
Plone

Plone

= 4.3.19
📦
Plone

Plone

= 4.3.20
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0.1
📦
Plone

Plone

= 5.0.2
📦
Plone

Plone

= 5.0.3
📦
Plone

Plone

= 5.0.4
📦
Plone

Plone

= 5.0.5
📦
Plone

Plone

= 5.0.6
📦
Plone

Plone

= 5.0.7
📦
Plone

Plone

= 5.0.8
📦
Plone

Plone

= 5.0.9
📦
Plone

Plone

= 5.0.10
📦
Plone

Plone

= 5.1
📦
Plone

Plone

= 5.1.1
📦
Plone

Plone

= 5.1.2
📦
Plone

Plone

= 5.1.4
📦
Plone

Plone

= 5.1.5
📦
Plone

Plone

= 5.1.6
📦
Plone

Plone

= 5.1.7
📦
Plone

Plone

= 5.1a1
📦
Plone

Plone

= 5.1a2
📦
Plone

Plone

= 5.1b2
📦
Plone

Plone

= 5.1b3
📦
Plone

Plone

= 5.1b4
📦
Plone

Plone

= 5.1rc1
📦
Plone

Plone

= 5.1rc2
📦
Plone

Plone

= 5.2.0
📦
Plone

Plone

= 5.2.1
📦
Plone

Plone

= 5.2.2
📦
Plone

Plone

= 5.2.3
📦
Plone

Plone

= 5.2.4

References & Advisories

🔗 https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
🔗 https://plone.org/security/hotfix/20210518
🔗 https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
🔗 https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
🔗 https://plone.org/security/hotfix/20210518
🔗 https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url

関連する脆弱性情報

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-335099.9

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...