Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02aDh4LTczZngtcTJoOc4AAb6U
Chameleon in Plone allows Authentication Bypass
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
Permalink: https://github.com/advisories/GHSA-6h8x-73fx-q2h9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aDh4LTczZngtcTJoOc4AAb6U
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 6 months ago
CVSS Score: 4.9
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-6h8x-73fx-q2h9, CVE-2016-4043
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-4043
- https://plone.org/security/hotfix/20160419/bypass-restricted-python
- http://www.openwall.com/lists/oss-security/2016/04/20/3
- https://github.com/advisories/GHSA-6h8x-73fx-q2h9
Affected Packages
pypi:Plone
Dependent packages: 5Dependent repositories: 7
Downloads: 7,986 last month
Affected Version Ranges: = 5.1a1, >= 5.0rc1, <= 5.0.4
No known fixed version
All affected versions: 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11