Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
References
Link | Resource |
---|---|
https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes Vendor Advisory |
https://github.com/plone/Products.CMFPlone/issues/3209 | Patch Third Party Advisory |
https://www.misakikata.com/codes/plone/python-en.html | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-30T18:38:01
Updated: 2020-12-30T18:38:01
Reserved: 2020-11-16T00:00:00
Link: CVE-2020-28735
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-30T19:15:13.327
Modified: 2021-01-04T19:16:23.207
Link: CVE-2020-28735
JSON object: View
Redhat Information
No data.
CWE