PT-2011-4819 · Plone Foundation · Plone+1
Published
2011-10-10
·
Updated
2022-05-17
·
CVE-2011-4030
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Plone versions 4.0.x through 4.0.9
Plone version 4.1
Plone versions 4.2 through 4.2a2
CMFEditions component version 2.x
Description
The issue allows remote attackers to access sub-objects via unspecified vectors because the CMFEditions component does not prevent the KwAsAttributes classes from being publishable.
Recommendations
For Plone versions 4.0.x through 4.0.9, consider restricting access to the CMFEditions component until a fix is available.
For Plone version 4.1, restrict access to the CMFEditions component until a fix is available.
For Plone versions 4.2 through 4.2a2, restrict access to the CMFEditions component until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cmfeditions
Plone