Lucene search

GitHub Advisory DatabaseGHSA-RG52-J87W-PF83

HistoryMay 17, 2022 - 4:41 a.m.

Plone Filesystem path information leak

2022-05-1704:41:01

CWE-200

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

Affected configurations

Vulners

Node

ploneploneRange3.3≥

ploneploneRange≤4.3.2

CPENameOperatorVersion
plonege3.3
plonele4.3.2

CPE	Name	Operator	Version
	plone	ge	3.3
	plone	le	4.3.2

References

www.openwall.com/lists/oss-security/2013/12/10/15

www.openwall.com/lists/oss-security/2013/12/12/3

github.com/advisories/GHSA-rg52-j87w-pf83

github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274

nvd.nist.gov/vuln/detail/CVE-2013-7060

plone.org/security/20131210/path-leak

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for GHSA-RG52-J87W-PF83