CVE-2020-7941

EUVD-2020-0148
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
ploneplone
4.3.0 ≤
𝑥
≤ 5.2.1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2020/01/24/1
https://plone.org/security/hotfix/20200121
https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
https://www.openwall.com/lists/oss-security/2020/01/22/1
http://www.openwall.com/lists/oss-security/2020/01/24/1
https://plone.org/security/hotfix/20200121
https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
https://www.openwall.com/lists/oss-security/2020/01/22/1