A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
www.openwall.com/lists/oss-security/2020/01/24/1
github.com/plone/plone.app.contenttypes
github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374
nvd.nist.gov/vuln/detail/CVE-2020-7941
plone.org/security/hotfix/20200121
plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
www.openwall.com/lists/oss-security/2020/01/22/1