CVE-2011-4030

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Published Bycve@mitre.org

Published DateOct 10, 2011, 10:55

Affected Versions(3)

Plone(PyPI)

Introduced4.0

Fixed4.0.10

LimitN/A

Plone(PyPI)

Introduced4.1

Fixed4.1.1

LimitN/A

Plone(PyPI)

Introduced4.2a1

Fixed4.2a3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
Plone(PyPI)	4.0	4.0.10	N/A
Plone(PyPI)	4.1	4.1.1	N/A
Plone(PyPI)	4.2a1	4.2a3	N/A

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

9.3

Vector String

AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE

References

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

9.3

Vector String

AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE