CVE-2020-7938
Published 2020-01-23
Priority: P3 · 44 · high · 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.46% (70.3rd percentile)
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | >= 5.2.0 < 5.2.2 | 5.2.2 |
| plone | plone | 5.2.0 – 5.2.1 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 8.8 | HIGH | — |
OSV
Plone Privilege Escalation
osv · 2022-05-24 · CVE-2020-7938 [HIGH]
GHSA
Plone Privilege Escalation
ghsa · 2022-05-24 · CVE-2020-7938 [HIGH] · CWE-269
OSV
CVE-2020-7938: plone
osv · 2020-01-23 · CVE-2020-7938
Red Hat
plone: privilege escalation in plone.restapi
vendor_redhat · 2020-01-23 · CVSS 8.8 · CVE-2020-7938 [HIGH] · CWE-284
A flaw was found in Plone in versions 5.2.0 through 5.2.1. Users with a certain privilege level can escalate their privileges up to the highest privilege level when the site is using plone.restapi. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Package: conga (Red Hat Enterprise Linux 5) - Out of support scope
No detection rules found.
No public exploits indexed.
References:
- http://www.openwall.com/lists/oss-security/2020/01/24/1
- https://plone.org/security/hotfix/20200121
- https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed
- https://www.openwall.com/lists/oss-security/2020/01/22/1