CVE-2016-4043

Опубликовано: 24 фев. 2017

Источник: nvd

CVSS3: 4.9

CVSS2: 3.5

EPSS Низкий

Описание

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Ссылки

http://www.openwall.com/lists/oss-security/2016/04/20/3
Mailing List
Third Party Advisory
https://plone.org/security/hotfix/20160419/bypass-restricted-python
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/04/20/3
Mailing List
Third Party Advisory
https://plone.org/security/hotfix/20160419/bypass-restricted-python
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00139

Низкий

4.9 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-6h8x-73fx-q2h9