author | Xin LI <delphij@FreeBSD.org> | 2011-02-11 19:48:03 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2011-02-11 19:48:03 +0000 |
commit | 7fb7de0219bf7e93f5d80fc012760f3371c0bcc1 (patch) | |
tree | 67ab39393856ad12109f645badec6f43b90fa32f /security | |
parent | daf58256ad22f4a50d41d38dcbf24b76ccfb21c7 (diff) | |
Document plone remote security bypass vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org>
Notes:
svn path=/head/; revision=268948
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b5180c5e61f7..2b916c8a2738 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,42 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7c492ea2-3566-11e0-8e81-0022190034c0"> + <topic>plone -- Remote Security Bypass</topic> + <affects> + <package> + <name>plone</name> + <range><ge>2.5</ge></range> + </package> + <package> + <name>plone3</name> + <range><ge>3</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Plone developer reports:</p> + <blockquote cite="http://plone.org/products/plone/security/advisories/cve-2011-0720"> + <p>This is an escalation of privileges attack that can be used by + anonymous users to gain access to a Plone site's administration + controls, view unpublished content, create new content and modify a + site's skin. The sandbox protecting access to the underlying + system is still in place, and it does not grant access to other + applications running on the same Zope instance.</p> + </blockquote> + </body> + </description> + <references> + <bid>46102</bid> + <cvename>CVE-2011-0720</cvename> + <url>http://plone.org/products/plone/security/advisories/cve-2011-0720</url> + </references> + <dates> + <discovery>2011-02-02</discovery> + <entry>2011-02-10</entry> + </dates> + </vuln> + <vuln vid="44ccfab0-3564-11e0-8e81-0022190034c0"> <topic>exim -- local privilege escalation</topic> <affects> |
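Review bot: Both `<range>` elements in the new `<affects>` block are open-ended (`<range><ge>2.5</ge></range>` for plone and `<range><ge>3</ge></range>` for plone3), so every later version of these ports will keep matching this entry, including versions that carry the fix. If no fixed port version exists yet this is acceptable as a stopgap, but the entry should gain an `<lt>` bound, plus a `<modified>` date under `<dates>`, once the ports are updated. A smaller style point: the topic "plone -- Remote Security Bypass" is title-cased while the neighbouring entry uses lower case ("exim -- local privilege escalation"), and the quoted advisory text describes an escalation of privileges, so a lower-case topic that follows the advisory's wording would be more consistent with the rest of the file.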