GSA_kwCzR0hTQS02aDh4LTczZngtcTJoOc4AAb6U

Moderate CVSS: 6.9 EPSS: 0.00139% (0.3453 Percentile) EPSS:

Permalink JSON

Chameleon in Plone allows Authentication Bypass

Affected Packages	Affected Versions	Fixed Versions
pypi:Plone PURL: `pkg:pypi/plone`	= 5.1a1, >= 5.0rc1, <= 5.0.4	No known fixed version
5 Dependent packages 7 Dependent repositories 19,637 Downloads last month Affected Version Ranges All affected versions 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 6.0.0, 6.0.0a1, 6.0.0a2, 6.0.0a3, 6.0.0a4, 6.0.0a5, 6.0.0a6, 6.0.0b1, 6.0.0b2, 6.0.0b3, 6.0.0rc1, 6.0.0rc2, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.15rc1, 6.0.15rc2, 6.1.0, 6.1.0a1, 6.1.0a2, 6.1.0a3, 6.1.0a4, 6.1.0a5, 6.1.0b1, 6.1.0b2, 6.1.0rc1, 6.1.1, 6.1.1rc1, 6.1.1rc2, 6.1.2, 6.1.3

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

References:

Identifiers

GHSA-6h8x-73fx-q2h9

CVE-2016-4043

Risk

Severity

Moderate

CVSS

CVSS Score: 6.9

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00139

EPSS Percentile: 0.3453

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 3 years ago

Updated

2 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories