Access Restriction Bypass Affecting plone package, versions [3.3,4.3.2]


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.08% (36th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-PLONE-40244
  • published10 Dec 2013
  • disclosed10 Dec 2013
  • creditUnknown

Introduced: 10 Dec 2013

CVE-2013-7061  (opens in a new tab)
CWE-285  (opens in a new tab)

Overview

plone is a Content Management System.

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.

CVSS Scores

version 3.1