Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAL8hw9Hx1HH2DuD8RL1fMAK3SnXsnRSwkF-rb_26z2_Soq+PCg@mail.gmail.com>
Date: Mon, 5 Sep 2016 18:42:51 +0200
From: Nathan Van Gheem <nathan.van.gheem@...ne.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: Plone multiple vulnerabilities

Hi,

Multiple vulnerabilities were recently patched.


1. *filesystem information leak*:
https://plone.org/security/hotfix/20160830/filesystem-information-leak

Managers had the ability to find read files from the file system that the
system user running the plone process had access to

2. *Non-Persistent XSS in Plone forms*:
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms

z3c.form will currently accept data from GET requests when the form is
supposed to be POST. This allows a user to inject a potential XSS attack
into a form. With certain widgets in Plone admin forms, the input is
expected to be safe and can cause a reflexive XSS attack. Additionally,
there is potential for an attack that will trick a user into saving a
persistent XSS.

3. *open redirection*:
https://plone.org/security/hotfix/20160830/open-redirection-in-plone

In multiple places, Plone blindly uses the referer header to redirect a
user to the next page after a particular action. An attacker could utilize
this to draw a user into a redirection attack.

4. *Non-Persistent XSS in Plone*:
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1

Plone's URL checking infrastructure includes a method for checking if URLs
valid and located in the Plone site. By passing javascript into this
specially crafted url, XSS can be achieved.

5. *Non-Persistent XSS in Plone Zope Management(ZMI)*:
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2

In multiple places, Zope2's ZMI pages do not properly escape user input


Credits to all these go to Sebastian Perez

All of these vulnerabilities have been patched with the hotfix release
package(https://plone.org/security/hotfix/20160830) and are being
incorporated upstream.


Thanks,
Nathan

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.