oss-sec mailing list archives
Re: CVE Request: Plone Multiple Vulnerabilities
From: Nathan Van Gheem <nathan.van.gheem () plone org>
Date: Sat, 7 Jan 2017 06:26:27 -0600
Well, okay. Turns out CVEs were indeed already issued for these disclosures. I was pointed to https://vuldb.com/?id.92694 and so was told to get CVEs quickly.

https://vuldb.com/?id.92694 -- seems like the reporter also requested his own CVEs under different groupings and now we have duplicate disclosures/CVEs with classification conflicts. Not sure what to do about the duplicates but you can ignore this request.

On Sat, Jan 7, 2017 at 5:54 AM, Nathan Van Gheem <nathan.van.gheem () plone org> wrote:
Dear oss-security List,

Please provide CVEs for the following 6 issues:

1) Filesystem information leak
A vulnerability that allows remote attackers to obtain information on files on the server
Credit: Sebastian Perez
Impact: By using relative paths and guessing locations on a server Plone is installed on, an attacker can read data from a target server that the process running Plone has permission to read. The attacker needs administrator privileges on the Plone site to perform this attack.
Reference: https://plone.org/security/hotfix/20160830/filesystem-information-leak

2) Non-Persistent XSS in Plone forms
z3c.form will currently accept data from GET requests when the form is supposed to be POST. This allows a user to inject a potential XSS attack into a form. With certain widgets in Plone admin forms, the input is expected to be safe and can cause a reflexive XSS attack. Additionally, there is potential for an attack that will trick a user into saving a persistent XSS.
Credit: Sebastian Perez
Reference: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms

3) Open Redirection
In multiple places, Plone blindly uses the referer header to redirect a user to the next page after a particular action. An attacker could utilize this to draw a user into a redirection attack.
Credit: Sebastian Perez
Reference: https://plone.org/security/hotfix/20160830/open-redirection-in-plone

4) Non-Persistent XSS
Plone's URL checking infrastructure includes a method for checking if URLs are valid and located in the Plone site. By passing javascript into this specially crafted url, XSS can be achieved.
Credit: Sebastian Perez
Reference: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1

5) Non-Persistent XSS on user form
Plone has unescaped user input in a page template that is open to XSS
Credit: Sebastian Perez
Reference: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone

6) Non-Persistent XSS in Zope2
In multiple places, Zope2's ZMI pages do not properly escape user input
Credit: Sebastian Perez
Reference: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2

Versions Affected: 4.3.11 and any earlier 4.x version, 5.0.6 and any earlier 5.x version

Code fixes: https://pypi.python.org/pypi/Products.PloneHotfix20160830

Recommended action: Install the https://pypi.python.org/pypi/Products.PloneHotfix20160830 package.
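Two of the weakness classes in the quoted request, the Referer-driven open redirect (issue 3) and a form that accepts its fields from a GET query string and echoes them back (issue 2), shown as an added example beside hardened versions. This is illustrative Python written for this page, not code from Plone, z3c.form, Zope2 or the Products.PloneHotfix20160830 package; the site URL, the request dictionary shape and the handler names are constructed assumptions, and the same-origin check is a generic pattern, not the specific change shipped in the hotfix.

```python
"""Constructed example (not Plone code): open redirect via Referer, and a form
that reads fields from GET as well as POST, each beside a hardened version."""
from html import escape
from urllib.parse import urljoin, urlsplit

SITE_URL = "https://intranet.example.org/plone"   # assumed site base URL


def vulnerable_next_url(referer, site_url=SITE_URL):
    """Post-action redirect target taken straight from the Referer header.
    Any referer, including a phishing site, becomes the Location header."""
    return referer or site_url


def safe_next_url(referer, site_url=SITE_URL):
    """Accept the Referer only if it resolves to a page inside site_url.

    - A relative reference such as "/plone/folder" is resolved against
      site_url first, so in-site relative links still work.
    - Scheme and netloc must match the site's. Userinfo and port are part of
      netloc, so "https://intranet.example.org@evil.example/" is rejected,
      and a scheme check also rejects javascript: and data: targets.
    - The path must stay under the site's own path prefix.
    Anything else falls back to the site root.
    """
    if not referer:
        return site_url
    site = urlsplit(site_url)
    target = urlsplit(urljoin(site_url, referer))
    if target.scheme != site.scheme:
        return site_url
    if target.netloc.lower() != site.netloc.lower():
        return site_url
    prefix = site.path.rstrip("/") + "/"
    if target.path != site.path and not target.path.startswith(prefix):
        return site_url
    return target.geturl()


def make_request(method, query=None, body=None):
    """Minimal stand-in for a web request: method plus parsed GET/POST fields
    (constructed; real frameworks expose the same data under other names)."""
    return {"method": method, "GET": dict(query or {}), "POST": dict(body or {})}


def vulnerable_form_handler(request):
    """Merges query-string and body fields, so a crafted link seeds the form
    field, then echoes the value back into HTML without escaping."""
    fields = dict(request["GET"])
    fields.update(request["POST"])
    title = fields.get("title", "")
    if not title:
        return "<p class='error'>Title is required</p>"
    return "<p>Saved: " + title + "</p>"


def safe_form_handler(request):
    """Only a POST body can submit the form; a GET just renders the empty
    form, and anything echoed back is HTML-escaped."""
    if request["method"] != "POST":
        return "<form method='post'><input name='title'></form>"
    title = request["POST"].get("title", "")
    if not title:
        return "<p class='error'>Title is required</p>"
    return "<p>Saved: " + escape(title, quote=True) + "</p>"


if __name__ == "__main__":
    print(vulnerable_next_url("https://evil.example/phish"))
    print(safe_next_url("https://evil.example/phish"))
    print(safe_next_url("/plone/folder/page"))
    xss = make_request("GET", query={"title": "<script>alert(1)</script>"})
    print(vulnerable_form_handler(xss))
    print(safe_form_handler(xss))
```

The redirect check deliberately compares the whole netloc rather than just the hostname and normalises relative references before checking them, which is where most "is this URL ours?" helpers go wrong; escaping at output time is kept separate from the POST-only rule, since either control on its own leaves one of the two attack paths open.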