CVE-2016-4043 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=5.0rc1 <=5.0.4 || =5.1a1
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00139 (percentile: 0.34591)
Details
Chameleon in Plone allows Authentication Bypass
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
Metadata
Created: 2022-05-17T02:57:32Z
Modified: 2024-10-18T15:41:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6h8x-73fx-q2h9/GHSA-6h8x-73fx-q2h9.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-6h8x-73fx-q2h9
Finding: F039
Auto approve: 1