oss-sec mailing list archives
Re: CVE request: Plone multiple vulnerabilities
From: Nathan Van Gheem <nathan.van.gheem () plone org>
Date: Mon, 5 Sep 2016 21:35:12 +0200
Hi, Re-submitting again because I forgot one of the vulnerabilities. Multiple vulnerabilities were recently patched. 1. *filesystem information leak*: https://plone.org/security/ hotfix/20160830/filesystem-information-leak Managers had the ability to find read files from the file system that the system user running the plone process had access to 2. *Non-Persistent XSS in Plone forms*: https://plone.org/security/ hotfix/20160830/non-persistent-xss-in-plone-forms z3c.form will currently accept data from GET requests when the form is supposed to be POST. This allows a user to inject a potential XSS attack into a form. With certain widgets in Plone admin forms, the input is expected to be safe and can cause a reflexive XSS attack. Additionally, there is potential for an attack that will trick a user into saving a persistent XSS. 3. *open redirection*: https://plone.org/security/hotfix/20160830/open- redirection-in-plone In multiple places, Plone blindly uses the referer header to redirect a user to the next page after a particular action. An attacker could utilize this to draw a user into a redirection attack. 4. *Non-Persistent XSS in Plone*: https://plone.org/security/ hotfix/20160830/non-persistent-xss-in-plone-1 Plone's URL checking infrastructure includes a method for checking if URLs valid and located in the Plone site. By passing javascript into this specially crafted url, XSS can be achieved. 5. *Non-persistent XSS in Plone*: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone Plone has unescaped user input in a page template that is open to XSS. 5. *Non-Persistent XSS in Plone Zope Management(ZMI)*: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2 In multiple places, Zope2's ZMI pages do not properly escape user input Credits to all these go to Sebastian Perez All of these vulnerabilities have been patched with the hotfix release package(https://plone.org/security/hotfix/20160830) and are being incorporated upstream. Thanks, Nathan On Mon, Sep 5, 2016 at 6:42 PM, Nathan Van Gheem <nathan.van.gheem () plone org
wrote:
Hi, Multiple vulnerabilities were recently patched. 1. *filesystem information leak*: https://plone.org/security/ hotfix/20160830/filesystem-information-leak Managers had the ability to find read files from the file system that the system user running the plone process had access to 2. *Non-Persistent XSS in Plone forms*: https://plone.org/security/ hotfix/20160830/non-persistent-xss-in-plone-forms z3c.form will currently accept data from GET requests when the form is supposed to be POST. This allows a user to inject a potential XSS attack into a form. With certain widgets in Plone admin forms, the input is expected to be safe and can cause a reflexive XSS attack. Additionally, there is potential for an attack that will trick a user into saving a persistent XSS. 3. *open redirection*: https://plone.org/security/hotfix/20160830/open- redirection-in-plone In multiple places, Plone blindly uses the referer header to redirect a user to the next page after a particular action. An attacker could utilize this to draw a user into a redirection attack. 4. *Non-Persistent XSS in Plone*: https://plone.org/security/ hotfix/20160830/non-persistent-xss-in-plone-1 Plone's URL checking infrastructure includes a method for checking if URLs valid and located in the Plone site. By passing javascript into this specially crafted url, XSS can be achieved. 5. *Non-Persistent XSS in Plone Zope Management(ZMI)*: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2 In multiple places, Zope2's ZMI pages do not properly escape user input Credits to all these go to Sebastian Perez All of these vulnerabilities have been patched with the hotfix release package(https://plone.org/security/hotfix/20160830) and are being incorporated upstream. Thanks, Nathan
Current thread:
- CVE request: Plone multiple vulnerabilities Nathan Van Gheem (Sep 05)
- Re: CVE request: Plone multiple vulnerabilities Nathan Van Gheem (Sep 05)
- Re: CVE request: Plone multiple vulnerabilities cve-assign (Sep 05)
- Re: CVE request: Plone multiple vulnerabilities Nathan Van Gheem (Sep 05)