oss-sec mailing list archives
Plone: cache poisoning in image_view_fullscreen
From: Maurits van Rees <maurits () vanrees org>
Date: Mon, 31 Jan 2022 09:34:53 +0100
Plone is vulnerable to reflected cross-site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish.
The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on your cache settings.
Versions Affected: All supported Plone versions (4.3.20 and any earlier 4.3.x version, 5.2.6 and any earlier 5.x version, 6.0.0a2 and any earlier 6.0.0 version).
There are updated packages for Plone 5.2:
- plone.app.contenttypes 2.2.3
- Products.ATContentTypes 3.0.6

And updated packages for 6.0 (which is in alpha):
- plone.app.contenttypes 3.0.0a9

With the default version pins, new Plone 5.2.7 and 6.0.0a3 are not affected. Earlier versions are.
CVE number: CVE-2022-23599.

More information:
- GitHub: https://github.com/plone/Products.CMFPlone/security/advisories/GHSA-8w54-22w9-3g8f
- community.plone.org: https://community.plone.org/t/security-fix-for-image-view-fullscreen-cache-poisoning/14757?u=mauritsvanrees
- plone.org: https://plone.org/security/hotfix/20220128

--
Maurits van Rees https://maurits.vanrees.org/