Lucene search
HistoryMar 11, 2014 - 7:37 p.m.
CVE-2013-4191
cve-2013-4191
plone
zip.py
access restrictions
sensitive information
nvd
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.2%
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
Affected configurations
Node
ploneploneMatch4.3
ORploneploneMatch4.3.1
Node
ploneploneMatch4.2
ORploneploneMatch4.2.1
ORploneploneMatch4.2.2
ORploneploneMatch4.2.3
ORploneploneMatch4.2.4
ORploneploneMatch4.2.5
Node
ploneploneMatch2.1
ORploneploneMatch2.1.1
ORploneploneMatch2.1.2
ORploneploneMatch2.1.3
ORploneploneMatch2.1.4
ORploneploneMatch2.5
ORploneploneMatch2.5.1
ORploneploneMatch2.5.2
ORploneploneMatch2.5.3
ORploneploneMatch2.5.4
ORploneploneMatch2.5.5
ORploneploneMatch3.0
ORploneploneMatch3.0.1
ORploneploneMatch3.0.2
ORploneploneMatch3.0.3
ORploneploneMatch3.0.4
ORploneploneMatch3.0.5
ORploneploneMatch3.0.6
ORploneploneMatch3.1
ORploneploneMatch3.1.1
ORploneploneMatch3.1.2
ORploneploneMatch3.1.3
ORploneploneMatch3.1.4
ORploneploneMatch3.1.5.1
ORploneploneMatch3.1.6
ORploneploneMatch3.1.7
ORploneploneMatch3.2
ORploneploneMatch3.2.1
ORploneploneMatch3.2.2
ORploneploneMatch3.2.3
ORploneploneMatch3.3
ORploneploneMatch3.3.1
ORploneploneMatch3.3.2
ORploneploneMatch3.3.3
ORploneploneMatch3.3.4
ORploneploneMatch3.3.5
ORploneploneMatch4.0
ORploneploneMatch4.0.1
ORploneploneMatch4.0.2
ORploneploneMatch4.0.3
ORploneploneMatch4.0.4
ORploneploneMatch4.0.5
ORploneploneMatch4.0.6.1
ORploneploneMatch4.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| plone:plone | plone | eq | 4.3 |
| plone:plone | plone | eq | 4.3.1 |
Related
nvd
nvd
CVE-2013-4191
2014-03-11 19:37:02
osv
osv
Plone is vulnerable to Information Exposure when generating zip archives
2022-05-17 04:49:45
PYSEC-2014-55
2014-03-11 19:37:00
github
github
Plone is vulnerable to Information Exposure when generating zip archives
2022-05-17 04:49:45
prion
prion
Design/Logic Flaw
2014-03-11 19:37:00
cvelist
cvelist
CVE-2013-4191
2014-03-11 15:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.2%
Related for CVE-2013-4191