Critical severityNVD Advisory· Published Jan 23, 2020· Updated Aug 4, 2024
CVE-2020-7941
CVE-2020-7941
Description
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PlonePyPI | >= 4.3, <= 5.2.1 | — |
plone.app.contenttypesPyPI | >= 0 | — |
Affected products
3- Plone/Plonedescription
- ghsa-coords2 versions
>= 4.3, <= 5.2.1+ 1 more
- (no CPE)range: >= 4.3, <= 5.2.1
- (no CPE)range: >= 0
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-w6g9-xccc-347hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7941ghsaADVISORY
- www.openwall.com/lists/oss-security/2020/01/24/1ghsamailing-listx_refsource_MLISTWEB
- github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rstghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yamlghsaWEB
- plone.org/security/hotfix/20200121ghsax_refsource_MISCWEB
- plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-contentghsax_refsource_MISCWEB
- www.openwall.com/lists/oss-security/2020/01/22/1ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.