FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

plone -- Remote Security Bypass

Affected packages
2.5 <= plone < 3
3 <= plone3 <= 3.3

Details

VuXML ID 7c492ea2-3566-11e0-8e81-0022190034c0
Discovery 2011-02-02
Entry 2011-02-10

Plone developer reports:

This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still in place, and it does not grant access to other applications running on the same Zope instance.

[source]

References

Bugtraq ID 46102
CVE Name CVE-2011-0720
URL http://plone.org/products/plone/security/advisories/cve-2011-0720

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.