CVE-2011-4030 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=4.0 <4.0.10 || >=4.1 <4.1.1 || >=4.2a1 <4.2a3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01066 (percentile: 0.7686)
Details
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Metadata
Created: 2022-05-17T05:37:14Z
Modified: 2024-11-22T20:15:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pwgm-jvqv-6v8p/GHSA-pwgm-jvqv-6v8p.json
CWE IDs: []
Alternative ID: GHSA-pwgm-jvqv-6v8p
Finding: F039
Auto approve: 1