CVE-2013-4194 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=2.1 <4.1.1 || >=4.2 <4.2.6 || >=4.3 <4.3.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00319 (percentile: 0.54366)
Details
Plone is vulnerable to File System Path Exposure. The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
Metadata
Created: 2022-05-17T04:49:45Z
Modified: 2024-10-18T15:41:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mm32-jw73-9227/GHSA-mm32-jw73-9227.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-mm32-jw73-9227
Finding: F308
Auto approve: 1