Date: Sat, 19 Sep 2015 10:47:29 -0500
From: Nathan Van Gheem <>
Subject: CVE Request: Plone Privilege Escalation


Can a CVE be assigned to this issue, please?

An incorrect security declaration would allow any authenticated user to
edit kupu settings--the WYSIWYG editor for old versions of Plone. Versions
affected are all versions Plone 3 through 4.2. A hotfix has been posted
only, as releases are not made of these versions any longer.

The relevant code is:

The vendor credits with the discovery: Richard Mitchell

Thanks, let me know if you'd like more information.

