GitHub Advisory DatabaseGHSA-P6H9-HPCG-C6GMHigh severity vulnerability that affects Plone and Zope2
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.6%
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a “highly serious vulnerability.” NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Affected configurations
References
plone.org/products/plone-hotfix/releases/20110622
plone.org/products/plone/security/advisories/20110622
secunia.com/advisories/45056
secunia.com/advisories/45111
www.openwall.com/lists/oss-security/2011/07/04/6
www.openwall.com/lists/oss-security/2011/07/12/9
bugzilla.redhat.com/show_bug.cgi?id=718824
github.com/advisories/GHSA-p6h9-hpcg-c6gm
mail.zope.org/pipermail/zope-announce/2011-June/002260.html
nvd.nist.gov/vuln/detail/CVE-2011-2528
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.6%