oss-sec mailing list archives
Re: CVE Request: Bypass Restricted Python - Plone
From: cve-assign () mitre org
Date: Tue, 19 Apr 2016 22:51:13 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://plone.org/security/20160419/bypass-restricted-python A user who can create or edit templates(usually only admins) can bypass Restricted Python. This vulnerability should only affect site administrators who have ZMI access, or when you gave users permission to edit PloneFormGen templates. Only Chameleon (five.pt) is affected. This package is used by default in Plone 5, and can be added in Plone 4.
Use CVE-2016-4043. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXFu1xAAoJEHb/MwWLVhi2I9cP/0SBPz78iiLQw+BDo5O/Veu7 uKDU4AWcY7G4BXvLpC8aOaTDN19o5RlAp/8cXgZBZ0e0jL4wxqDlakmn5enqDVlB FAMzNppGCKPbP7mMhjhp0Y09oqkEBDpcK8VTiYoLCEP8EkyBRVyL2GnM1Y2nRrXj RDg/lxskoIE9MnExPAMGzpzWzuQk5GVDSz0hh39IxgQhx0/7rhKSxhN6RT5GdrAx Uafip+Vb/ezJKe/TvSr9IDKJ3SZjKVa7nFqlsQaTTIve3MZ81H/4zCbn0X+V6MX6 USLbOut1LywohvVLmegO/uf8w3arT+szDYThljp0HpraGHQDt/YRaYl4D3BjVcb0 Q4xhaIWGTPnV5Axoh2yj2RVl6Yx8+sDMQvT6HANcpEU0wcPNvbouTu8EY0mAxToI g33vyCkidscrt3PFQuUVbfbxIqclncqKNtf9i7+0jCYQZEIbR7V44rqWwMVCJ1VZ a2UunPe0h2COZ0m7WifM2b82i8ox87l7qcw3CppysKOS20i1h4L8KkW2qkdcQJCm jng9DWicSo95sxjUBXajYvKHBCALHXqSiKiKq6Vu+vX+y79JW6lb3HRxJzpjhMg2 imD3xLmh9jCmBiIKqm3oj/tweMlAX1b8llz7AUbkLu3TepzsGhTHNx+QngAg80Bh zlAz4kl1XvkyBWijKrEb =P6qe -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Bypass Restricted Python Nathan Van Gheem (Apr 19)
- Re: CVE Request: Bypass Restricted Python - Plone cve-assign (Apr 19)