Vulnerabilities > CVE-2024-23756 - Unspecified vulnerability in Plone 5.2.13

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

plone

NVD

Published: 2024-02-08

Updated: 2024-02-15

Summary

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.

Vulnerable Configurations

Part	Description	Count
Application	Plone Plone Plone 5.2.13	1

References

https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756