GHSA-6h8x-73fx-q2h9

Suggest an improvement
Source
https://github.com/advisories/GHSA-6h8x-73fx-q2h9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6h8x-73fx-q2h9/GHSA-6h8x-73fx-q2h9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6h8x-73fx-q2h9
Aliases
Published
2022-05-17T02:57:32Z
Modified
2024-02-16T08:18:05.221391Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Chameleon in Plone allows Authentication Bypass
Details

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0rc1
Last affected
5.0.4

Affected versions

5.*

5.0rc1
5.0rc2
5.0rc3
5.0
5.0.1
5.0.2
5.0.3
5.0.4

PyPI / plone

Package

Affected ranges

Affected versions

5.*

5.1a1