Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
References
Link | Resource |
---|---|
https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes Vendor Advisory |
https://github.com/plone/Products.CMFPlone/issues/3209 | Patch Third Party Advisory |
https://www.misakikata.com/codes/plone/python-en.html | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-30T18:35:17
Updated: 2020-12-30T18:35:17
Reserved: 2020-11-16T00:00:00
Link: CVE-2020-28734
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-30T19:15:13.263
Modified: 2021-01-04T19:17:49.863
Link: CVE-2020-28734
JSON object: View
Redhat Information
No data.
CWE