<p>Upgrade <code>Plone</code> to version 5.2.2 or higher.</p>

Privilege Escalation Affecting plone package, versions [0,5.2.2)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.37% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-PLONE-543308
published 26 Jan 2020
disclosed 26 Jan 2020
credit Alessandro Pisa

Report a new vulnerability Found a mistake?

Introduced: 26 Jan 2020

CVE-2020-7941 Open this link in a new tab CWE-269 Open this link in a new tab

How to fix?

Upgrade Plone to version 5.2.2 or higher.

Overview

Plone is an user friendly and extensible Content Management System running on top of Python and Zope.

Affected versions of this package are vulnerable to Privilege Escalation. Allows users to PUT (overwrite) some content without needing write permission.

References

GitHub Commit
Plone Security Hotfix