CVE-2013-4189

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

Published: Mar 11, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-4189
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
plone / plone	3.3	3.3.x
plone / plone	4.0.5	4.0.5.x
plone / plone	3.0.1	3.0.1.x
plone / plone	3.0	3.0.x
plone / plone	3.2.3	3.2.3.x
plone / plone	3.1.4	3.1.4.x
plone / plone	3.1.5.1	3.1.5.1.x
plone / plone	2.1.4	2.1.4.x
plone / plone	4.0.2	4.0.2.x
plone / plone	3.3.5	3.3.5.x
plone / plone	3.0.6	3.0.6.x
plone / plone	2.5.4	2.5.4.x
plone / plone	3.2	3.2.x
plone / plone	3.1.1	3.1.1.x
plone / plone	2.1.1	2.1.1.x
plone / plone	3.3.4	3.3.4.x
plone / plone	3.3.2	3.3.2.x
plone / plone	4.0.4	4.0.4.x
plone / plone	3.1.7	3.1.7.x
plone / plone	2.5.1	2.5.1.x
plone / plone	4.1	4.1.x
plone / plone	2.5.3	2.5.3.x
plone / plone	3.2.2	3.2.2.x
plone / plone	2.1.2	2.1.2.x
plone / plone	3.0.3	3.0.3.x
plone / plone	3.3.1	3.3.1.x
plone / plone	3.0.4	3.0.4.x
plone / plone	3.1.2	3.1.2.x
plone / plone	3.2.1	3.2.1.x
plone / plone	4.0	4.0.x
plone / plone	3.0.5	3.0.5.x
plone / plone	4.0.6.1	4.0.6.1.x
plone / plone	2.5	2.5.x
plone / plone	2.5.2	2.5.2.x
plone / plone	4.0.1	4.0.1.x
plone / plone	3.0.2	3.0.2.x
plone / plone	2.1	2.1.x
plone / plone	3.1	3.1.x
plone / plone	3.3.3	3.3.3.x
plone / plone	2.1.3	2.1.3.x
plone / plone	3.1.6	3.1.6.x
plone / plone	3.1.3	3.1.3.x
plone / plone	4.0.3	4.0.3.x
plone / plone	2.5.5	2.5.5.x
plone / plone	4.2.3	4.2.3.x
plone / plone	4.2.2	4.2.2.x
plone / plone	4.2.5	4.2.5.x
plone / plone	4.2.4	4.2.4.x
plone / plone	4.2	4.2.x
plone / plone	4.2.1	4.2.1.x
plone / plone	4.3	4.3.x
plone / plone	4.3.1	4.3.1.x

Vulnerability Database

289,784

CVE-2013-4189