nvd
NVD:CVE-2024-23756
History Feb 08, 2024 - 9:15 p.m.

CVE-2024-23756

2024-02-08 21:15:08
web.nvd.nist.gov
plone, docker, http, put, delete, security, vulnerability, unauthenticated, attackers, file uploading, server, deletion

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.0005 Low
Percentile: 17.8%

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.

Affected configurations

NVD
Node
plone plone Match 5.2.13
