CVE-2020-7941
Published 2020-01-23
Priority P3 · 46 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 2.26% (80.8th percentile)
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | >= 4.3 < 5.2.2 | 5.2.2 |
| plone | plone | 4.3 – 5.2.1 | — |
| plone | plone | 4.3.0 – 5.2.1 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Red Hat (vendor) | — | 9.8 | CRITICAL | — |
OSV · 2022-05-24
CVE-2020-7941 [CRITICAL] Plone Unauthenticated Write Vulnerability
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
GHSA · 2022-05-24
CVE-2020-7941 [CRITICAL] CWE-269 Plone Unauthenticated Write Vulnerability
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
OSV · 2020-01-23
CVE-2020-7941: A privilege escalation issue in plone
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Red Hat · 2020-01-23 · CVSS 9.8
CVE-2020-7941 [CRITICAL] CWE-284 plone: privilege escalation for overwriting content without needing write permission
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
A privilege escalation flaw was found in plone in versions 4.3 through 5.2.1. Users are allowed to PUT (overwrite) some content without needing write permissions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Package: conga (Red Hat Enterprise Linux 5) - Out of support scope
No detection rules found.
No public exploits indexed.
References
- https://www.openwall.com/lists/oss-security/2020/01/22/1
- http://www.openwall.com/lists/oss-security/2020/01/24/1
- https://plone.org/security/hotfix/20200121
- https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content