CVE-2017-5524

Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
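
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 MEDIUM | NETWORK | LOW | LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
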
EPSS Score Percentile: 40%

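| Vendor | Product | Version |
|---|---|---|
| plone | plone | 4.0 |
| plone | plone | 4.0.1 |
| plone | plone | 4.0.2 |
| plone | plone | 4.0.3 |
| plone | plone | 4.0.4 |
| plone | plone | 4.0.5 |
| plone | plone | 4.0.7 |
| plone | plone | 4.0.8 |
| plone | plone | 4.0.9 |
| plone | plone | 4.0.10 |
| plone | plone | 4.1 |
| plone | plone | 4.1.1 |
| plone | plone | 4.1.2 |
| plone | plone | 4.1.3 |
| plone | plone | 4.1.4 |
| plone | plone | 4.1.5 |
| plone | plone | 4.1.6 |
| plone | plone | 4.2 |
| plone | plone | 4.2.1 |
| plone | plone | 4.2.2 |
| plone | plone | 4.2.3 |
| plone | plone | 4.2.4 |
| plone | plone | 4.2.5 |
| plone | plone | 4.2.6 |
| plone | plone | 4.2.7 |
| plone | plone | 4.3 |
| plone | plone | 4.3.1 |
| plone | plone | 4.3.2 |
| plone | plone | 4.3.3 |
| plone | plone | 4.3.4 |
| plone | plone | 4.3.5 |
| plone | plone | 4.3.6 |
| plone | plone | 4.3.7 |
| plone | plone | 4.3.8 |
| plone | plone | 4.3.9 |
| plone | plone | 4.3.10 |
| plone | plone | 4.3.11 |
| plone | plone | 5.0 |
| plone | plone | 5.0:rc1 |
| plone | plone | 5.0:rc2 |
| plone | plone | 5.0:rc3 |
| plone | plone | 5.0.1 |
| plone | plone | 5.0.2 |
| plone | plone | 5.0.3 |
| plone | plone | 5.0.4 |
| plone | plone | 5.0.5 |
| plone | plone | 5.0.6 |
| plone | plone | 5.1:a1 |
| plone | plone | 5.1:a2 |

𝑥 = Vulnerable software versions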