5.8

CVE-2013-4191

zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.

Data is provided by the National Vulnerability Database (NVD)
PlonePlone Version4.3
PlonePlone Version4.3.1
PlonePlone Version4.2
PlonePlone Version4.2.1
PlonePlone Version4.2.2
PlonePlone Version4.2.3
PlonePlone Version4.2.4
PlonePlone Version4.2.5
PlonePlone Version2.1
PlonePlone Version2.1.1
PlonePlone Version2.1.2
PlonePlone Version2.1.3
PlonePlone Version2.1.4
PlonePlone Version2.5
PlonePlone Version2.5.1
PlonePlone Version2.5.2
PlonePlone Version2.5.3
PlonePlone Version2.5.4
PlonePlone Version2.5.5
PlonePlone Version3.0
PlonePlone Version3.0.1
PlonePlone Version3.0.2
PlonePlone Version3.0.3
PlonePlone Version3.0.4
PlonePlone Version3.0.5
PlonePlone Version3.0.6
PlonePlone Version3.1
PlonePlone Version3.1.1
PlonePlone Version3.1.2
PlonePlone Version3.1.3
PlonePlone Version3.1.4
PlonePlone Version3.1.5.1
PlonePlone Version3.1.6
PlonePlone Version3.1.7
PlonePlone Version3.2
PlonePlone Version3.2.1
PlonePlone Version3.2.2
PlonePlone Version3.2.3
PlonePlone Version3.3
PlonePlone Version3.3.1
PlonePlone Version3.3.2
PlonePlone Version3.3.3
PlonePlone Version3.3.4
PlonePlone Version3.3.5
PlonePlone Version4.0
PlonePlone Version4.0.1
PlonePlone Version4.0.2
PlonePlone Version4.0.3
PlonePlone Version4.0.4
PlonePlone Version4.0.5
PlonePlone Version4.0.6.1
PlonePlone Version4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.31% 0.511
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N