Vulnerabilities > CVE-2020-7941 - Unspecified vulnerability in Plone

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

plone

critical

NVD

Published: 2020-01-23

Updated: 2021-07-21

Summary

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

Vulnerable Configurations

Part	Description	Count
Application	Plone Plone Plone 4.3.0 Plone Plone 4.3.1 Plone Plone 4.3.2 Plone Plone 4.3.3 Plone Plone 4.3.4 Plone Plone 4.3.5 Plone Plone 4.3.6 Plone Plone 4.3.7 Plone Plone 4.3.8 Plone Plone 4.3.9 Plone Plone 4.3.10 Plone Plone 4.3.11 Plone Plone 4.3.12 Plone Plone 4.3.13 Plone Plone 4.3.14 Plone Plone 4.3.15 Plone Plone 4.3.16 Plone Plone 4.3.17 Plone Plone 4.3.18 Plone Plone 4.3.19 Plone Plone 4.3.20 Plone Plone 5.0 Plone Plone 5.0.1 Plone Plone 5.0.2 Plone Plone 5.0.3 Plone Plone 5.0.4 Plone Plone 5.0.5 Plone Plone 5.0.6 Plone Plone 5.0.7 Plone Plone 5.0.8 Plone Plone 5.0.9 Plone Plone 5.0.10 Plone Plone 5.1 Plone Plone 5.1.1 Plone Plone 5.1.2 Plone Plone 5.1.3 Plone Plone 5.1.4 Plone Plone 5.1.5 Plone Plone 5.1.6 Plone Plone 5.1.7 Plone Plone 5.1A1 Plone Plone 5.1A2 Plone Plone 5.1B2 Plone Plone 5.1B3 Plone Plone 5.1B4 Plone Plone 5.1Rc1 Plone Plone 5.1Rc2 Plone Plone 5.2 Plone Plone 5.2.0 Plone Plone 5.2.1	73

Summary

Vulnerable Configurations

References