CVE-2013-4191 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=2.1 <4.1.1 || >=4.2 <4.2.6 || >=4.3 <4.3.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00309 (percentile 0.53579)
Details
Plone is vulnerable to Information Exposure when generating zip archives. zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
Metadata
Created: 2022-05-17T04:49:45Z
Modified: 2024-10-15T17:25:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-grwx-4p5v-9g2g/GHSA-grwx-4p5v-9g2g.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-grwx-4p5v-9g2g
Finding: F038
Auto approve: 1