Description

zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.

Remediation

References

CVE-2013-4191

Related Vulnerabilities

Squid NULL Pointer Dereference Vulnerability (CVE-2020-14058)

WordPress Cryptographic Issues Vulnerability (CVE-2009-3622)

Ruby on Rails Improper Authentication Vulnerability (CVE-2012-3424)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31548)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)

Severity

Medium

Classification

CVE-2013-4191 CWE-264

Tags

Missing Update Known Vulnerabilities