CVE-2016-7135

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
ploneplone
4.2
ploneplone
4.2.1
ploneplone
4.2.2
ploneplone
4.2.3
ploneplone
4.2.4
ploneplone
4.2.5
ploneplone
4.2.6
ploneplone
4.2.7
ploneplone
4.3
ploneplone
4.3.1
ploneplone
4.3.2
ploneplone
4.3.3
ploneplone
4.3.4
ploneplone
4.3.5
ploneplone
4.3.6
ploneplone
4.3.7
ploneplone
4.3.8
ploneplone
4.3.9
ploneplone
4.3.10
ploneplone
4.3.11
ploneplone
5.0
ploneplone
5.0:a1
ploneplone
5.0:rc1
ploneplone
5.0:rc2
ploneplone
5.0:rc3
ploneplone
5.0.1
ploneplone
5.0.2
ploneplone
5.0.3
ploneplone
5.0.4
ploneplone
5.0.5
ploneplone
5.0.6
ploneplone
5.1a1:a1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
http://seclists.org/fulldisclosure/2016/Oct/80
http://www.openwall.com/lists/oss-security/2016/09/05/4
http://www.openwall.com/lists/oss-security/2016/09/05/5
http://www.securityfocus.com/archive/1/539572/100/0/threaded
http://www.securityfocus.com/bid/92752
https://plone.org/security/hotfix/20160830/filesystem-information-leak
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
http://seclists.org/fulldisclosure/2016/Oct/80
http://www.openwall.com/lists/oss-security/2016/09/05/4
http://www.openwall.com/lists/oss-security/2016/09/05/5
http://www.securityfocus.com/archive/1/539572/100/0/threaded
http://www.securityfocus.com/bid/92752
https://plone.org/security/hotfix/20160830/filesystem-information-leak