CVE-2013-4189: Plone Privilege escalation due improper authorization

May 17, 2022 (updated April 13, 2025)

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

References

bugzilla.redhat.com/show_bug.cgi?id=978450
github.com/advisories/GHSA-pwpq-632g-h49g
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml
nvd.nist.gov/vuln/detail/CVE-2013-4189

Code Behaviors & Features

Detect and mitigate CVE-2013-4189 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →