Vulnerabilities > CVE-2021-33926 - Server-Side Request Forgery (SSRF) vulnerability in Plone

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

plone

CWE-918

NVD

Published: 2023-02-17

Updated: 2023-03-02

Summary

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.

Vulnerable Configurations

Part	Description	Count
Application	Plone Plone Plone 4.3.3 Plone Plone 4.3.11 Plone Plone 4.3.6 Plone Plone 5.0.1 Plone Plone 5.0.2 Plone Plone 5.0 Plone Plone 5.0.5 Plone Plone 4.3.5 Plone Plone 4.3.10 Plone Plone 5.0.3 Plone Plone 4.3 Plone Plone 5.0.6 Plone Plone 5.0.4 Plone Plone 4.3.4 Plone Plone 4.3.7 Plone Plone 4.3.8 Plone Plone 4.3.1 Plone Plone 4.3.9 Plone Plone 4.3.2 Plone Plone 4.3.14 Plone Plone 4.3.12 Plone Plone 5.0.8 Plone Plone 5.0.7 Plone Plone 4.3.15 Plone Plone 5.0.9 Plone Plone 5.2.3 Plone Plone 5.1Rc2 Plone Plone 5.1Rc1 Plone Plone 5.1B4 Plone Plone 5.1B3 Plone Plone 5.1B2 Plone Plone 5.1A2 Plone Plone 5.1A1 Plone Plone 5.1 Plone Plone 5.2.4 Plone Plone 5.2.2 Plone Plone 5.2.1 Plone Plone 5.2.0 Plone Plone 5.1.7 Plone Plone 5.1.6 Plone Plone 5.1.5 Plone Plone 5.1.4 Plone Plone 5.1.2 Plone Plone 5.1.1 Plone Plone 5.0.10 Plone Plone 4.3.19 Plone Plone 4.3.18 Plone Plone 4.3.17 Plone Plone 4.3.20	52

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References