CVE-2013-4196
MEDIUM5.3EPSS 0.32%Plone is vulnerable to information exposure via the object manager implementation
Published: 5/17/2022Modified: 10/18/2024
Description
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
Affected packages (2)
- PyPI/plone>= 2.1, < 4.1.1
- PyPI/plone>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-4196
- PATCHhttps://github.com/plone/Plone
- WEBhttp://plone.org/products/plone-hotfix/releases/20130618
- WEBhttp://plone.org/products/plone/security/advisories/20130618-announcement
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=978475
- WEBhttp://seclists.org/oss-sec/2013/q3/261
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml