High severityNVD Advisory· Published Jul 19, 2011· Updated Jun 16, 2026
CVE-2011-2528
CVE-2011-2528
Description
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PlonePyPI | >= 3.3.2, < 3.3.6 | 3.3.6 |
Zope2PyPI | >= 2.12.0, < 2.12.19 | 2.12.19 |
Zope2PyPI | >= 2.13.0, < 2.13.8 | 2.13.8 |
Affected products
80cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*+ 35 more
- cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_hotfix_20110720:*:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*+ 40 more
- cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*
- ghsa-coords2 versions
>= 3.3.2, < 3.3.6+ 1 more
- (no CPE)range: >= 3.3.2, < 3.3.6
- (no CPE)range: >= 2.12.0, < 2.12.19
Patches
Vulnerability mechanics
References
16- plone.org/products/plone-hotfix/releases/20110622nvdPatchVendor AdvisoryWEB
- plone.org/products/plone/security/advisories/20110622nvdPatchVendor AdvisoryWEB
- www.openwall.com/lists/oss-security/2011/07/04/6nvdPatchWEB
- www.openwall.com/lists/oss-security/2011/07/12/9nvdPatchWEB
- bugzilla.redhat.com/show_bug.cginvdPatchWEB
- mail.zope.org/pipermail/zope-announce/2011-June/002260.htmlnvdPatchWEB
- secunia.com/advisories/45056nvdVendor AdvisoryWEB
- secunia.com/advisories/45111nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-p6h9-hpcg-c6gmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-2528ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-25.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-32.yamlghsaWEB
- plone.org/products/plone-hotfix/releases/20110622ghsaWEB
- plone.org/products/plone/security/advisories/20110622ghsaWEB
- www.openwall.com/lists/oss-security/2011/07/04/6ghsaWEB
- www.openwall.com/lists/oss-security/2011/07/12/9ghsaWEB
News mentions
0No linked articles in our index yet.