Access Restriction Bypass

Affecting plone package, versions [4.0,5.1a1]

Overview

plone is a Content Management System.

Affected versions of this package are vulnerable to Access Restriction Bypass. Dexterity content is missing security declarations for WebDAV requests. This only affects Dexterity objects.

CVSS Score

7.3 (high severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Credit: Thomas Mogensen
CVE: CVE-2016-4041
CWE: CWE-284
Snyk ID: SNYK-PYTHON-PLONE-40393
Disclosed: 09 Apr, 2016
Published: 09 Apr, 2016