Remote Code Execution Flaw in Plone CMS Affecting Authentication Managers
CVE-2021-33509

9.9CRITICAL

Key Information:

Vendor

Plone

Status
Plone
Vendor
CVE Published:
21 May 2021

What is CVE-2021-33509?

A vulnerability in Plone CMS versions up to 5.2.4 permits remote authenticated managers to execute arbitrary disk I/O operations. This is achieved by manipulating keyword arguments in the ReStructuredText transform within a Python script, potentially leading to unauthorized file writing and further compromises within the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://plone.org/security/hotfix/20210518/writing-arbitr...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/05/22/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.