Description
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
Remediation
References