PT-2024-1629 · Plone · Plone

Tomas Castro Rojas · Published 2024-01-25 · Updated 2024-03-02

CVE-2024-23756

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Plone Docker version 5.2.13 (5221)

Description: The vulnerability stems from the absence of a mechanism that prevents unintended modification of resources while a request is being processed. As a result, unauthenticated attackers can perform dangerous actions, such as uploading files to the server or deleting them, using the HTTP PUT and DELETE methods.

Recommendations: For Plone Docker version 5.2.13 (5221), consider disabling the HTTP PUT and DELETE methods to prevent exploitation until a patch is available. Restrict access to the server to minimize the risk of unauthorized file uploads or deletions.
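The recommendation above can be applied in front of the application rather than inside it. The following is an added example (not code from the advisory, from Positive Technologies, or from the Plone project): a small WSGI middleware that answers every PUT and DELETE request with 405 Method Not Allowed before it reaches the application. It assumes the deployment serves Plone through a WSGI pipeline (Plone 5.2 runs under WSGI) and that the middleware is wrapped around the application object in that pipeline; the demo application and the request environments are constructed here so the script runs offline.

```python
# Added example, not part of the PT-2024-1629 advisory or of Plone's own code.
# Stop-gap for CVE-2024-23756: refuse HTTP PUT and DELETE at the WSGI layer.
# Assumption: Plone is served through a WSGI pipeline and this middleware is
# wrapped around the application object there.
import io

BLOCKED_METHODS = frozenset({"PUT", "DELETE"})
# Methods that remain reachable; advertised in the Allow header of a 405 reply.
ALLOWED_METHODS = ("GET", "HEAD", "POST", "OPTIONS")


class BlockUnsafeMethods:
    """WSGI middleware that rejects the configured HTTP methods with 405."""

    def __init__(self, app, blocked=BLOCKED_METHODS):
        self.app = app
        self.blocked = frozenset(m.upper() for m in blocked)

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET").upper()
        if method in self.blocked:
            body = b"405 Method Not Allowed\n"
            start_response("405 Method Not Allowed", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Content-Length", str(len(body))),
                ("Allow", ", ".join(ALLOWED_METHODS)),
            ])
            return [body]
        # Any other method is passed through to the wrapped application untouched.
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the real application: echoes what reached it."""
    body = (
        f"{environ['REQUEST_METHOD']} {environ['PATH_INFO']} reached the application\n"
    ).encode()
    start_response("200 OK", [
        ("Content-Type", "text/plain; charset=utf-8"),
        ("Content-Length", str(len(body))),
    ])
    return [body]


def call_app(app, method, path):
    """Drive a WSGI app with a constructed environ; returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers
        return lambda data: None  # write() callable required by the WSGI spec

    environ = {
        "REQUEST_METHOD": method,
        "PATH_INFO": path,
        "SERVER_NAME": "localhost",       # constructed values
        "SERVER_PORT": "8080",
        "wsgi.url_scheme": "http",
        "wsgi.input": io.BytesIO(b""),
    }
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


# The protected application object that the WSGI server would be handed.
protected = BlockUnsafeMethods(demo_app)

if __name__ == "__main__":
    for method in ("GET", "POST", "PUT", "DELETE"):
        status, _, body = call_app(protected, method, "/Plone/file.txt")
        print(f"{method:6} -> {status} | {body.decode().strip()}")
```

Because the check runs before the request reaches Zope, the application never sees a PUT or DELETE regardless of whether it would have authorized it. The same effect can be achieved at a reverse proxy (for example nginx's limit_except directive) when one sits in front of the container. Note that blocking these two methods also disables WebDAV-style editing, which relies on PUT and DELETE, so the measure is a temporary mitigation until the patched version is deployed.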

Related Identifiers

BDU:2024-01296
CVE-2024-23756

Affected Products

Plone