CVE-2024-23756
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-23756
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23756.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-23756
- Published
- 2024-02-08T21:15:08.380Z
- Modified
- 2025-11-15T15:39:09.984550Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
- References
Affected packages
Git / github.com/plone/plone
Affected ranges
- Type
- GIT
- Repo
- https://github.com/plone/plone
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
4.*
4.1.0
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.3
4.3.1
4.3a1
4.3a2
4.3b1
4.3b2
5.*
5.0
5.0.1
5.0.2
5.0a2
5.0a3
5.0b1
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.2.0
5.2.1
5.2.10
5.2.11
5.2.12
5.2.13
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5