CVE-2021-33926

Опубликовано: 17 фев. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.

Ссылки

https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
Exploit
Third Party Advisory
https://plone.org/security/hotfix/20210518
Release Notes
https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
Vendor Advisory
https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
Exploit
Third Party Advisory
https://plone.org/security/hotfix/20210518
Release Notes
https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.17:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.18:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.19:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.20:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0:-:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1:alpha2:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1.7:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1a1:alpha1:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1a2:beta4:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1b2:beta3:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1b3:beta2:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1b4:rc2:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1rc1:rc1:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.1rc2:-:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:5.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.0028

Низкий

8.8 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-47p5-p3jw-w78w