A privilege escalation flaw was found in plone in versions 4.3 through 5.2.1. Users are allowed to PUT (overwrite) some content without needing write permissions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.