CVE-2013-4189
Plone Privilege escalation due to improper authorization
CVSS 3.1: 4.9 (MEDIUM)
EPSS: 0.50%
Description
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
How to fix CVE-2013-4189
To remediate CVE-2013-4189, upgrade the affected package to a fixed version below.
- —no fix listed
- —upgrade to 4.1.1 or later
Is CVE-2013-4189 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.1, <= 4.1
- >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |