CVE-2020-7941: Plone Unauthenticated Write Vulnerability
(updated )
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
References
- github.com/advisories/GHSA-w6g9-xccc-347h
- github.com/plone/plone.app.contenttypes
- github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-7941
- plone.org/security/hotfix/20200121
- plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
- www.openwall.com/lists/oss-security/2020/01/22/1
Code Behaviors & Features
Detect and mitigate CVE-2020-7941 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →