CVE-2013-4196 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=2.1 <4.1.1 || >=4.2 <4.2.6 || >=4.3 <4.3.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00319 (percentile 0.54366)
Details
Plone is vulnerable to information exposure via the object manager implementation.
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
Metadata
Created: 2022-05-17T04:49:45Z
Modified: 2024-10-18T21:55:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qphh-5fv5-2mjj/GHSA-qphh-5fv5-2mjj.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-qphh-5fv5-2mjj
Finding: F038
Auto approve: 1