CVE-2013-4191
MEDIUM (5.8) AV:N/AC:M/Au:N/C:P/I:P/A:N
Risk Signal Score: 15/100 — LOW
- CVSS 5.8 — Medium
EPSS score
0%
Exploit probability (30 days)
CVSS score
5.8
Technical severity
Description
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
References
- http://plone.org/products/plone-hotfix/releases/20130618
- http://plone.org/products/plone/security/advisories/20130618-announcement
- http://seclists.org/oss-sec/2013/q3/261
- https://bugzilla.redhat.com/show_bug.cgi?id=978453