Lucene search

PRIOn knowledge basePRION:CVE-2020-7941

HistoryJan 23, 2020 - 9:15 p.m.

Privilege escalation

2020-01-2321:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

CPENameOperatorVersion
plonege4.3.0
plonele5.2.1

CPE	Name	Operator	Version
	plone	ge	4.3.0
	plone	le	5.2.1

References

www.openwall.com/lists/oss-security/2020/01/24/1

plone.org/security/hotfix/20200121

plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content

www.openwall.com/lists/oss-security/2020/01/22/1