CVE-2020-28736

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).

Ссылки

https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
Release Notes
Vendor Advisory
https://github.com/plone/Products.CMFPlone/issues/3209
Patch
Third Party Advisory
https://www.misakikata.com/codes/plone/python-en.html
Broken Link
https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
Release Notes
Vendor Advisory
https://github.com/plone/Products.CMFPlone/issues/3209
Patch
Third Party Advisory
https://www.misakikata.com/codes/plone/python-en.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*

Версия до 5.2.3 (исключая)

EPSS

Процентиль: 65%

0.00484

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-2c8c-84w2-j38j