oss-sec mailing list archives

CVE Request: Bypass Restricted Python


From: Nathan Van Gheem <vangheem () gmail com>
Date: Tue, 19 Apr 2016 15:12:33 +0000

Hi,

Can a CVE be assigned to this issue, please?

https://plone.org/security/20160419/bypass-restricted-python

A user who can create or edit templates (usually only admins) can bypass
Restricted Python.

The relevant code is:

https://plone.org/security/20160419

The vendor credits the discovery to: Fred van Dijk and Maurits van Rees

Thanks, let me know if you'd like more information.

-- 
Nathan Van Gheem
Director of Solutions Engineering
Wildcard Corp
