CVE-2013-4193

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-4193
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://plone.org/products/plone-hotfix/releases/20130618 Patch
http://plone.org/products/plone/security/advisories/20130618-announcement Vendor Advisory
http://seclists.org/oss-sec/2013/q3/261
https://bugzilla.redhat.com/show_bug.cgi?id=978469
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2014-03-11 19:37

Updated : 2014-03-12 01:24

NVD link : CVE-2013-4193

Mitre link : CVE-2013-4193

CVE.ORG link : CVE-2013-4193

JSON object : View

Products Affected

plone

  • plone
CWE
CWE-264

Permissions, Privileges, and Access Controls