CVE-2020-28735
Published 2020-12-30
CVE-2020-28735: Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
Priority: P3 (45)
Severity: High, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.07% (60.5th percentile)
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | < 5.2.3 | 5.2.3 |
| plone | plone | >= 0 < 5.2.3 | 5.2.3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
OSV
SSRF attacks via tracebacks in Plone
osv·2021-04-07
CVE-2020-28735 [HIGH] SSRF attacks via tracebacks in Plone
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
GHSA
SSRF attacks via tracebacks in Plone
ghsa·2021-04-07
CVE-2020-28735 [HIGH] CWE-918 SSRF attacks via tracebacks in Plone
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
OSV
CVE-2020-28735: Plone before 5
osv·2020-12-30
CVE-2020-28735 CVE-2020-28735: Plone before 5
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
- https://github.com/plone/Products.CMFPlone/issues/3209
- https://www.misakikata.com/codes/plone/python-en.html
Published: 2020-12-30