GHSA-rg52-j87w-pf83

Source

https://github.com/advisories/GHSA-rg52-j87w-pf83

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rg52-j87w-pf83/GHSA-rg52-j87w-pf83.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rg52-j87w-pf83

Aliases

Published

2022-05-17T04:41:01Z

Modified

2024-10-15T18:01:10.469655Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Plone Filesystem path information leak

Details

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed_at": "2023-08-29T18:25:45Z",
    "nvd_published_at": "2014-05-02T14:55:00Z",
    "severity": "MODERATE"
}

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Fixed

4.3.3

Affected versions

3.*

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

4.*

4.0a1

4.0a2

4.0a3

4.0a4

4.0a5

4.0b1

4.0b2

4.0b3

4.0b4

4.0b5

4.0rc1

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2

Database specific

last_known_affected_version_range

"<= 4.3.2"

PyPI / products-cmfplone