CVE-2011-0720
CRITICAL9.1EPSS 1.4%Plone Privilege Escalation Vulnerability
發布日:2022/5/17修改日:2024/12/4
描述
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
受影響套件(2)
- PyPI/plone>= 2.5, < 4.0.4
- PyPI/plonefrom 0, < 4.0.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
參考連結(18)
- ADVISORYhttp://secunia.com/advisories/43146
- ADVISORYhttp://secunia.com/advisories/43914
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-0720
- ADVISORYhttp://www.vupen.com/english/advisories/2011/0796
- PATCHhttps://github.com/plone/Plone
- WEBhttp://osvdb.org/70753
- WEBhttp://plone.org/products/plone/security/advisories/cve-2011-0720
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/65099
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-13.yaml
- WEBhttps://plone.org/products/plone-hotfix/releases/CVE-2011-0720/logchecker.py
- WEBhttps://seclists.org/fulldisclosure/2011/Apr/293
- WEBhttps://web.archive.org/web/20110505051314/http://secunia.com/advisories/43914
- WEBhttps://web.archive.org/web/20110826134658/http://secunia.com/advisories/43146
- WEBhttps://web.archive.org/web/20200229153953/http://www.securityfocus.com/bid/46102
- WEBhttp://www.redhat.com/support/errata/RHSA-2011-0393.html
- WEBhttp://www.redhat.com/support/errata/RHSA-2011-0394.html
- WEBhttp://www.securityfocus.com/bid/46102
- WEBhttp://www.securitytracker.com/id?1025258