oss-sec mailing list archives

CVE request for Plone


From: Matthew Wilkes <matthew () matthewwilkes co uk>
Date: Tue, 10 Dec 2013 14:58:37 +0000

Hello all,

I'd like to request some CVEs for Plone as we have a hotfix release today.


Filesystem path information leak
--------------------------------

First up, we have a vulnerability that allows people to find the install path of Plone on a server. I can't actually think of any attacks that happen with this, but we had a CVE assigned for it before so I'm requesting another.

Details, including source links are at:
    https://plone.org/security/20131210/path-leak


Privilege escalation through exposed underlying API
---------------------------------------------------

Plone's searching infrastructure is based on CMF's, which is based on Zope's. Plone wraps the search API with additional filters for permissions and expired content. One of the methods that allows searching wasn't so wrapped, so people who can write untrusted Python can gain access to content they aren't authorised to. In addition, this can accidentally expose information.

Details, including source links are at:
    https://plone.org/security/20131210/catalogue-exposure


In addition, we are releasing two patches to vulnerabilities in Zope today. Can somebody advise if these should be merged?


Reflexive XSS in browser_id_manager
-----------------------------------

Zope's session infrastructure includes a method for encoding URLs, which is accessible through the web. By passing HTML into this method a reflexive XSS attack can be achieved.

Details, including source links are at:
    https://plone.org/security/20131210/zope-xss-in-browseridmanager


Reflexive XSS in OFS.Image
--------------------------

Zope's image objects include a method for generating tags, which allow for arbitrary classes to be included. This method is accessible through the web and these classes are not sanitised, so the image tag can be broken out of and arbitrary HTML included.

Details, including source links are at:
    https://plone.org/security/20131210/zope-xss-in-OFS


Thanks for your attention,

Matt
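The catalogue exposure described above, reduced to a runnable sketch. This is an added illustration, not Plone's or CMF's code: RawCatalog, SiteCatalog, HardenedCatalog, the role names and the sample records are all hypothetical. It shows a wrapper that filters one search method for permissions and expiry while a second method reaches the raw index unfiltered, and the hardened variant that gates the unwrapped method behind a privileged role.

```python
import datetime as dt

# Constructed sample records standing in for catalogue entries: each carries the
# roles allowed to view it and an optional expiry date. Not Plone data.
RECORDS = [
    {"id": "public-news", "view_roles": {"Anonymous", "Member"}, "expires": None},
    {"id": "private-draft", "view_roles": {"Editor"}, "expires": None},
    {"id": "old-event", "view_roles": {"Anonymous", "Member"}, "expires": dt.date(2013, 1, 1)},
]


class RawCatalog:
    """Hypothetical stand-in for the underlying index: matches only, no security."""

    def __init__(self, records):
        self._records = list(records)

    def search(self, needle=""):
        return [r for r in self._records if needle in r["id"]]


class SiteCatalog:
    """Hypothetical site-level wrapper: one method filtered, one left unwrapped."""

    def __init__(self, raw, user_roles, today):
        self._raw = raw
        self._roles = set(user_roles)
        self._today = today

    def _visible(self, rec):
        # Permission filter: the caller needs one of the record's view roles.
        if not (rec["view_roles"] & self._roles):
            return False
        # Expiry filter: expired content is hidden from ordinary searches.
        if rec["expires"] is not None and rec["expires"] < self._today:
            return False
        return True

    def search(self, needle=""):
        return [r["id"] for r in self._raw.search(needle) if self._visible(r)]

    def unrestricted_search(self, needle=""):
        # The exposure: reaches the raw index without _visible, and is callable
        # by anyone who can invoke methods on the wrapper (e.g. untrusted scripts).
        return [r["id"] for r in self._raw.search(needle)]


class HardenedCatalog(SiteCatalog):
    """Same wrapper with the unwrapped method gated behind a privileged role."""

    def unrestricted_search(self, needle=""):
        if "Manager" not in self._roles:
            raise PermissionError("unrestricted_search requires the Manager role")
        return super().unrestricted_search(needle)


def demo(today=dt.date(2013, 12, 10)):
    raw = RawCatalog(RECORDS)
    member = SiteCatalog(raw, {"Anonymous", "Member"}, today)
    hardened_member = HardenedCatalog(raw, {"Anonymous", "Member"}, today)
    hardened_manager = HardenedCatalog(raw, {"Manager", "Editor", "Member"}, today)
    try:
        hardened_member.unrestricted_search()
        blocked = False
    except PermissionError:
        blocked = True
    return {
        "member_wrapped": member.search(),
        "member_unwrapped": member.unrestricted_search(),
        "hardened_member_blocked": blocked,
        "manager_wrapped": hardened_manager.search(),
        "manager_unwrapped": hardened_manager.unrestricted_search(),
    }
```

The point of the sketch is the audit it suggests: every public method of the wrapper that can reach the raw index needs either the same filtering as the wrapped one or an explicit privilege check, since a script with ordinary rights can otherwise call the unwrapped method directly and read content the wrapped search would hide.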


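The attribute break-out behind the OFS.Image issue above, as an added example that is not Zope's code: tag_unsafe and tag_safe are hypothetical helpers that render an image tag with a caller-supplied CSS class, and PAYLOAD is a constructed input. A small HTMLParser subclass lists the start tags a parser would see, which makes the break-out visible without a browser. The same escaping discipline applies to the browser_id_manager case, which also reflects caller input into a response.

```python
import html
from html.parser import HTMLParser


def tag_unsafe(src, css_class=""):
    # Vulnerable form: the class string is interpolated verbatim.
    return '<img src="%s" class="%s" />' % (src, css_class)


def tag_safe(src, css_class=""):
    # Hardened form: attribute values are HTML-escaped, quotes included.
    return '<img src="%s" class="%s" />' % (
        html.escape(src, quote=True),
        html.escape(css_class, quote=True),
    )


# Constructed payload: closes the class attribute and the img tag, injects a
# script element, then reopens an img so the trailing markup stays well-formed.
PAYLOAD = '"><script>alert(1)</script><img class="'


class _TagCollector(HTMLParser):
    """Records the start tags a browser-like parser would see in the output."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def element_names(markup):
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def demo():
    unsafe = tag_unsafe("/logo.png", PAYLOAD)
    safe = tag_safe("/logo.png", PAYLOAD)
    return {
        "unsafe_elements": element_names(unsafe),  # ['img', 'script', 'img']
        "safe_elements": element_names(safe),      # ['img']
    }
```

Escaping at the point where the value is placed into an attribute is the fix; stripping a fixed list of characters from the class name is not enough, because the break-out needs only a double quote and an angle bracket.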
