CVE Vulnerabilities

CVE-2013-4191

Published: Mar 11, 2014 | Modified: Mar 12, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.

Affected Software

Name Vendor Start Version End Version
Plone Plone 4.3 (including) 4.3 (including)
Plone Plone 4.3.1 (including) 4.3.1 (including)

References