exploitDog

CVE-2020-28735

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

Ссылки

https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
Release Notes
Vendor Advisory
https://github.com/plone/Products.CMFPlone/issues/3209
Patch
Third Party Advisory
https://www.misakikata.com/codes/plone/python-en.html
Broken Link
https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
Release Notes
Vendor Advisory
https://github.com/plone/Products.CMFPlone/issues/3209
Patch
Third Party Advisory
https://www.misakikata.com/codes/plone/python-en.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*

Версия до 5.2.3 (исключая)

EPSS

Процентиль: 65%

0.00484

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-x7wf-5mjc-6x76

CVSS3: 8.8

github

почти 5 лет назад

SSRF attacks via tracebacks in Plone

EPSS

Процентиль: 65%

0.00484

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918