CVE-2020-28735 plone-app-dexterity

Package

Manager: pip
Name: plone-app-dexterity
Vulnerable Version: =1.0 || =1.0.1 || =1.0.2 || =1.0.3 || =1.0a1 || =1.0a2 || =1.0a3 || =1.0a4 || =1.0a5 || =1.0a6 || =1.0a7 || =1.0b1 || =1.0b2 || =1.0b3 || =1.0b4 || =1.0rc1 || =1.1 || =1.2 || =1.2.1 || =1.2.2 || =2.0 || =2.0.1 || =2.0.10 || =2.0.11 || =2.0.12 || =2.0.13 || =2.0.14 || =2.0.15 || =2.0.16 || =2.0.17 || =2.0.18 || =2.0.19 || =2.0.2 || =2.0.3 || =2.0.4 || =2.0.5 || =2.0.6 || =2.0.7 || =2.0.8 || =2.0.9 || =2.1.0 || =2.1.1 || =2.1.10 || =2.1.11 || =2.1.12 || =2.1.13 || =2.1.14 || =2.1.15 || =2.1.16 || =2.1.17 || =2.1.18 || =2.1.19 || =2.1.2 || =2.1.20 || =2.1.3 || =2.1.4 || =2.1.5 || =2.1.6 || =2.1.7 || =2.1.8 || =2.1.9 || =2.2.0 || =2.3.0 || =2.3.1 || =2.3.2 || =2.3.3 || =2.3.4 || =2.3.5 || =2.3.6 || =2.3.7 || =2.3.8 || =2.3.9 || =2.4.0 || =2.4.1 || =2.4.10 || =2.4.2 || =2.4.3 || =2.4.4 || =2.4.5 || =2.4.6 || =2.4.7 || =2.4.8 || =2.4.9 || =2.5.0 || =2.5.1 || =2.5.2 || =2.5.3 || =2.6.0 || =2.6.1 || =2.6.2 || =2.6.3 || =2.6.4 || =2.6.5 || =2.6.6 || =2.6.7 || >=0 <2.6.8

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00484 (percentile 0.64335)

Details

SSRF attacks via tracebacks in Plone. Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

Metadata

Created: 2021-04-07T21:13:44Z
Modified: 2024-10-15T20:22:44.798676Z
Source: https://osv-vulnerabilities
CWE IDs: ["CWE-918"]
Alternative ID: N/A
Finding: F100
Auto approve: 1