GHSA-pwpq-632g-h49g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pwpq-632g-h49g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pwpq-632g-h49g/GHSA-pwpq-632g-h49g.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-pwpq-632g-h49g
- Aliases
-
- CVE-2013-4189
- PYSEC-2014-53
- Published
- 2022-05-17T04:49:49Z
- Modified
- 2025-04-13T22:34:59.296768Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone Privilege escalation due improper authorization
- Details
-
Multiple unspecified vulnerabilities in (1)
dataitems.py, (2)get.py, and (3)traverseName.pyin Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors. - Database specific
{ "nvd_published_at": "2014-03-11T19:37:00Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-29T16:41:53Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-4189
- https://bugzilla.redhat.com/show_bug.cgi?id=978450
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml
- http://plone.org/products/plone-hotfix/releases/20130618
- http://plone.org/products/plone/security/advisories/20130618-announcement
- http://seclists.org/oss-sec/2013/q3/261
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone