Описание
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-4030
- https://github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-27.yaml
- http://plone.org/products/plone-hotfix/releases/20110928
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
Пакеты
Plone
>= 4.0, <= 4.0.9
4.0.10
Plone
>= 4.1, < 4.1.1
4.1.1
Plone
>= 4.2a1, <= 4.2a2
4.2a3
EPSS
CVE ID
Связанные уязвимости
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4 ...
EPSS