GHSA-w6g9-xccc-347h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w6g9-xccc-347h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w6g9-xccc-347h/GHSA-w6g9-xccc-347h.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-w6g9-xccc-347h
- Aliases
- Published
- 2022-05-24T17:07:14Z
- Modified
- 2024-10-18T22:04:21.474591Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone Unauthenticated Write Vulnerability
- Details
-
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
- Database specific
{ "nvd_published_at": "2020-01-23T21:15:00Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-269" ], "github_reviewed": true, "github_reviewed_at": "2023-07-12T23:37:04Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-7941
- https://github.com/plone/plone.app.contenttypes
- https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml
- https://plone.org/security/hotfix/20200121
- https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
- https://www.openwall.com/lists/oss-security/2020/01/22/1
- http://www.openwall.com/lists/oss-security/2020/01/24/1
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
4.*
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.20
5.*
5.0a1
5.0a2
5.0a3
5.0b1
5.0b2
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5
5.2.0
5.2.1
PyPI / plone-app-contenttypes
Package
- Name
- plone-app-contenttypes
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone-app-contenttypes
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0b1
1.0b2
1.0rc1
1.0
1.1a1
1.1b1
1.1b2
1.1b3
1.1b4
1.1b5
1.1b6
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2a1
1.2a2
1.2a3
1.2a4
1.2a5
1.2a6
1.2a7
1.2a8
1.2a9
1.2b1
1.2b2
1.2b3
1.2b4
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.19
1.2.20
1.2.21
1.2.22
1.2.23
1.2.24
1.2.25
1.2.26
1.2.27
1.3.0
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.2.0
2.2.1
2.2.2
2.2.3
3.*
3.0.0a1
3.0.0a2
3.0.0a3
3.0.0a4
3.0.0a5
3.0.0a6
3.0.0a7
3.0.0a8
3.0.0a9
3.0.0a10
3.0.0a11
3.0.0a12
3.0.0a13
3.0.0b1
3.0.0b2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
4.*
4.0.0