Main Vulnerability Database Vulnerabilities #VU39623

#VU39623 Permissions, Privileges, and Access Controls in Plone - CVE-2016-4043

Published: February 24, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39623

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-4043

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Plone

Software vendor:
Plone

Description

The vulnerability allows a remote privileged user to manipulate data.

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Remediation

Install update from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2016/04/20/3
https://plone.org/security/hotfix/20160419/bypass-restricted-python

#VU39623 Permissions, Privileges, and Access Controls in Plone - CVE-2016-4043

Description

Remediation

External links

Please verify you're human