Access Restriction Bypass Affecting plone package, versions [5.0,5.1a1]
Threat Intelligence
EPSS
0.09% (39th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PLONE-40396
- published 20 Apr 2016
- disclosed 20 Apr 2016
- credit Fred van Dijk, Maurits van Rees
Introduced: 20 Apr 2016
CVE-2016-4043 Open this link in a new tabOverview
plone
is a Content Management System.
Affected versions of this package are vulnerable to Bypass Restricted Python. This vulnerability should only affect site administrators who have ZMI access, or when you gave users permission to edit PloneFormGen templates. Only Chameleon (five.pt) is affected. This package is used by default in Plone 5, and can be added in Plone 4.
References
CVSS Scores
version 3.1