GHSA-82j9-wfcf-9v2h

Source

https://github.com/advisories/GHSA-82j9-wfcf-9v2h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-82j9-wfcf-9v2h/GHSA-82j9-wfcf-9v2h.json

Aliases

Published

2022-05-24T17:07:14Z

Modified

2024-02-16T08:15:18.564844Z

Details

An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.

References

Affected packages

PyPI / plone

Package

Name: plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0

Fixed

4.3.20

Affected versions

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.3.12

4.3.13

4.3.14

4.3.15

4.3.16

4.3.17

4.3.18

4.3.19

PyPI / plone

Package

Name: plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0rc1

Fixed

5.1.7

Affected versions

5.*

5.0rc1

5.0rc2

5.0rc3

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

PyPI / plone

Package

Name: plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2.0

Fixed

5.2.2

Affected versions

5.*

5.2.0

5.2.1