Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1jamczLXEyNGgtOXF3Zs4AAjY0

High CVSS: 8.7 EPSS: 0.00628% (0.6908 Percentile) EPSS:
Permalink JSON

Plone Privilege Escallation

Affected Packages Affected Versions Fixed Versions
pypi:Plone >= 5.2.0, < 5.2.2 5.2.2
5 Dependent packages
7 Dependent repositories
14,728 Downloads last month

Affected Version Ranges

All affected versions

5.2.0, 5.2.1

All unaffected versions

3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1.0, 6.1.1, 6.1.2
pypi:plone.restapi < 6.2.1 6.2.1
56 Dependent packages
141 Dependent repositories
20,970 Downloads last month

Affected Version Ranges

All affected versions

1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 3.0.0, 3.1.0, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.8.0, 3.8.1, 3.9.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.2.0, 4.3.0, 4.3.1, 4.4.0, 4.5.0, 4.5.1, 4.6.0, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 6.0.0, 6.1.0, 6.2.0

All unaffected versions

6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3.0, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.5.2, 6.6.0, 6.6.1, 6.7.0, 6.8.0, 6.8.1, 6.9.0, 6.9.1, 6.10.0, 6.11.0, 6.12.0, 6.13.0, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.13.8, 6.14.0, 6.15.0, 6.15.1, 7.0.0, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.7, 7.3.8, 7.4.0, 7.4.1, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.8.0, 7.8.1, 7.8.2, 7.8.3, 7.9.0, 7.9.1, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.5.0, 8.6.0, 8.6.1, 8.7.0, 8.7.1, 8.8.0, 8.8.1, 8.9.0, 8.9.1, 8.10.0, 8.11.0, 8.12.0, 8.12.1, 8.13.0, 8.14.0, 8.15.0, 8.15.1, 8.15.2, 8.15.3, 8.16.0, 8.16.1, 8.16.2, 8.17.0, 8.18.0, 8.18.1, 8.19.0, 8.20.0, 8.21.0, 8.21.1, 8.21.2, 8.22.0, 8.23.0, 8.24.0, 8.24.1, 8.25.0, 8.25.1, 8.26.0, 8.27.0, 8.28.0, 8.29.0, 8.30.0, 8.31.0, 8.32.0, 8.32.1, 8.32.2, 8.32.3, 8.32.4, 8.32.5, 8.32.6, 8.33.0, 8.33.1, 8.33.2, 8.33.3, 8.34.0, 8.35.0, 8.35.1, 8.35.2, 8.35.3, 8.36.0, 8.36.1, 8.37.0, 8.38.0, 8.39.0, 8.39.1, 8.39.2, 8.40.0, 8.41.0, 8.42.0, 8.42.1, 8.43.0, 8.43.1, 8.43.2, 8.43.3, 9.0.0, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.2.1, 9.3.0, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.6.0, 9.6.1, 9.7.0, 9.7.1, 9.7.2, 9.8.0, 9.8.1, 9.8.2, 9.8.3, 9.8.4, 9.8.5, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.13.1, 9.13.2, 9.13.3, 9.13.4, 9.13.5, 9.14.0, 9.15.0, 9.15.1

plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.

References:

Identifiers

GHSA-cjg3-q24h-9qwf

CVE-2020-7938

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00628

EPSS Percentile: 0.6908

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/plone/plone.restapi

Date and time

Published

about 3 years ago

Updated

9 months ago

API

JSON