CVE-2011-0720
Published 2011-02-03
Priority: P3 · 45 · high · CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.17% (86.4th percentile)
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Affected
72 ranges recorded
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
Red Hat (vendor_redhat) · 2011-06-28 · CVSS 7.5
CVE-2011-2528 [HIGH] CWE-284: plone: privilege escalation vulnerability
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Package: conga (Red Hat Enterprise Linux 5) - Not affected
Package: luci (Red Hat Enterprise Linux 6) - Not affected
Red Hat (vendor_redhat) · 2011-02-03 · CVSS 7.5
CVE-2011-0720 [HIGH] CWE-284: plone: unauthorized remote administrative access
Description: as in the NVD entry above.
Package: conga (Red Hat Enterprise Linux 5) - Affected
Package: luci (Red Hat Enterprise Linux 6) - Not affected
OSV (osv) · 2022-05-17
CVE-2011-0720 [CRITICAL]: Plone Privilege Escalation Vulnerability
Description: as in the NVD entry above.
GHSA (ghsa) · 2022-05-17
CVE-2011-0720 [CRITICAL]: Plone Privilege Escalation Vulnerability
Description: as in the NVD entry above.
OSV (osv) · 2018-07-23 · CVSS 7.5
CVE-2011-2528 [HIGH]: High severity vulnerability that affects Plone and Zope2
Description: as in the Red Hat CVE-2011-2528 entry above.
GHSA (ghsa) · 2018-07-23 · CVSS 7.5
CVE-2011-2528 [HIGH]: High severity vulnerability that affects Plone and Zope2
Description: as in the Red Hat CVE-2011-2528 entry above.
OSV (osv) · 2011-07-19 · CVSS 7.5
CVE-2011-2528 [HIGH]: Unspecified vulnerability in (1) Zope 2
Description: as in the Red Hat CVE-2011-2528 entry above.
OSV (osv) · 2011-02-03
CVE-2011-0720: Unspecified vulnerability in Plone 2
Description: as in the NVD entry above.
No detection rules found.
No public exploits indexed.
Bugzilla (bugzilla) · 2011-07-04 · CVSS 7.5
CVE-2011-2528 [HIGH]: plone: privilege escalation vulnerability
It was reported [1] that Plone suffers from a vulnerability that can be exploited to bypass certain security restrictions. This is due to a vulnerable bundled version of Zope.
Plone 3.x users that backported the fix for CVE-2011-0720 (PloneHotfix20110720) are affected due to the vulnerability being inadvertently backported via the hotfix.
A new hotfix (20110622) is available [2] to correct the flaw.
[1] http://plone.org/products/plone/security/advisories/20110622
[2] http://plone.org/products/plone-hotfix/releases/20110622
Discussion:
Created luci tracking bugs for this issue. Affects: fedora-all [bug 718829]
---
Created plone tracking bugs for this issue. Affects: epel-5 [bug 711497]
---
Also note the affects on Zope 2.12/2
Bugzilla (bugzilla) · 2011-03-31 · CVSS 7.5
CVE-2011-0720 [HIGH]: plone: unauthorized remote administrative access [epel-5]
epel-5 tracking bug for plone: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public; please put any public notes in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Opened a task for EPEL RELENG to take action against this package: https://fedorahosted.org/rel-eng/ticket/5958
---
Plone is retired in EPEL5 now and I untagged all builds in dist-5E-epel, so it should not be shipped after the next compose.
Bugzilla (bugzilla) · 2011-03-31 · CVSS 7.5
CVE-2011-0720 [HIGH]: plone: unauthorized remote administrative access [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=676961
Please note: this issue affects multipl
Bugzilla (bugzilla) · 2011-02-12 · CVSS 7.5
CVE-2011-0720 [HIGH]: plone: unauthorized remote administrative access
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0720 to the following vulnerability:
Name: CVE-2011-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0720
Assigned: 20110131
Reference: http://plone.org/products/plone/security/advisories/cve-2011-0720
Reference: http://www.securityfocus.com/bid/46102
Reference: http://secunia.com/advisories/43146
Reference: http://xforce.iss.net/xforce/xfdb/65099
Unspecified vulnerability in Plone 2.5 through 4.0 allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
The hotfix for this issue is available here: http://plone.org/products/plone-hotfix/releases/CVE-2011-0720/
Sources:
- http://osvdb.org/70753
- http://plone.org/products/plone/security/advisories/cve-2011-0720
- http://secunia.com/advisories/43146
- http://secunia.com/advisories/43914
- http://www.redhat.com/support/errata/RHSA-2011-0393.html
- http://www.redhat.com/support/errata/RHSA-2011-0394.html
- http://www.securityfocus.com/bid/46102
- http://www.securitytracker.com/id?1025258
- http://www.vupen.com/english/advisories/2011/0796
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65099
Published: 2011-02-03