The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
References
Link | Resource |
---|---|
https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756 | Exploit Third Party Advisory |
Configurations
History
15 Feb 2024, 16:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
References | () https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:plone:plone:5.2.13:*:*:*:*:*:*:* | |
First Time |
Plone plone
Plone |
|
Summary |
|
08 Feb 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 21:15
Updated : 2024-02-15 16:01
NVD link : CVE-2024-23756
Mitre link : CVE-2024-23756
CVE.ORG link : CVE-2024-23756
JSON object : View
Products Affected
plone
- plone
CWE