ID CVE-2013-4189
Summary Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
References
Vulnerable Configurations
  • Plone 4.0
    cpe:2.3:a:plone:plone:4.0
  • Plone 4.0.1
    cpe:2.3:a:plone:plone:4.0.1
  • Plone 4.0.2
    cpe:2.3:a:plone:plone:4.0.2
  • Plone 4.0.3
    cpe:2.3:a:plone:plone:4.0.3
  • Plone 4.0.4
    cpe:2.3:a:plone:plone:4.0.4
  • Plone 4.0.5
    cpe:2.3:a:plone:plone:4.0.5
  • Plone 4.0.6.1
    cpe:2.3:a:plone:plone:4.0.6.1
  • Plone 4.1
    cpe:2.3:a:plone:plone:4.1
  • Plone 3.0
    cpe:2.3:a:plone:plone:3.0
  • Plone 3.0.1
    cpe:2.3:a:plone:plone:3.0.1
  • Plone 3.0.2
    cpe:2.3:a:plone:plone:3.0.2
  • Plone 3.0.3
    cpe:2.3:a:plone:plone:3.0.3
  • Plone 3.0.4
    cpe:2.3:a:plone:plone:3.0.4
  • Plone 3.0.5
    cpe:2.3:a:plone:plone:3.0.5
  • Plone 3.0.6
    cpe:2.3:a:plone:plone:3.0.6
  • Plone 3.1
    cpe:2.3:a:plone:plone:3.1
  • Plone 3.1.1
    cpe:2.3:a:plone:plone:3.1.1
  • Plone 3.1.2
    cpe:2.3:a:plone:plone:3.1.2
  • Plone 3.1.3
    cpe:2.3:a:plone:plone:3.1.3
  • Plone 3.1.4
    cpe:2.3:a:plone:plone:3.1.4
  • Plone 3.1.5.1
    cpe:2.3:a:plone:plone:3.1.5.1
  • Plone 3.1.6
    cpe:2.3:a:plone:plone:3.1.6
  • Plone 3.1.7
    cpe:2.3:a:plone:plone:3.1.7
  • Plone 3.2
    cpe:2.3:a:plone:plone:3.2
  • Plone 3.2.1
    cpe:2.3:a:plone:plone:3.2.1
  • Plone 3.2.2
    cpe:2.3:a:plone:plone:3.2.2
  • Plone 3.2.3
    cpe:2.3:a:plone:plone:3.2.3
  • Plone 3.3
    cpe:2.3:a:plone:plone:3.3
  • Plone 3.3.1
    cpe:2.3:a:plone:plone:3.3.1
  • Plone 3.3.2
    cpe:2.3:a:plone:plone:3.3.2
  • Plone 3.3.3
    cpe:2.3:a:plone:plone:3.3.3
  • Plone 3.3.4
    cpe:2.3:a:plone:plone:3.3.4
  • Plone 3.3.5
    cpe:2.3:a:plone:plone:3.3.5
  • Plone 2.5
    cpe:2.3:a:plone:plone:2.5
  • Plone 2.5.1
    cpe:2.3:a:plone:plone:2.5.1
  • Plone 2.5.2
    cpe:2.3:a:plone:plone:2.5.2
  • Plone 2.5.3
    cpe:2.3:a:plone:plone:2.5.3
  • Plone 2.5.4
    cpe:2.3:a:plone:plone:2.5.4
  • Plone 2.5.5
    cpe:2.3:a:plone:plone:2.5.5
  • Plone 2.1
    cpe:2.3:a:plone:plone:2.1
  • Plone 2.1.1
    cpe:2.3:a:plone:plone:2.1.1
  • Plone 2.1.2
    cpe:2.3:a:plone:plone:2.1.2
  • Plone 2.1.3
    cpe:2.3:a:plone:plone:2.1.3
  • Plone 2.1.4
    cpe:2.3:a:plone:plone:2.1.4
  • Plone 4.2
    cpe:2.3:a:plone:plone:4.2
  • Plone 4.2.1
    cpe:2.3:a:plone:plone:4.2.1
  • Plone 4.2.2
    cpe:2.3:a:plone:plone:4.2.2
  • Plone 4.2.3
    cpe:2.3:a:plone:plone:4.2.3
  • Plone 4.2.4
    cpe:2.3:a:plone:plone:4.2.4
  • Plone 4.2.5
    cpe:2.3:a:plone:plone:4.2.5
  • Plone 4.3
    cpe:2.3:a:plone:plone:4.3
  • Plone 4.3.1
    cpe:2.3:a:plone:plone:4.3.1
CVSS
Base: 6.5 (as of 11-03-2014 - 21:02)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE_INSTANCE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
refmap via4
confirm
mlist [oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)
Last major update 11-03-2014 - 21:02
Published 11-03-2014 - 15:37