[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Plone security hotfix 20200121
From:       Maurits van Rees <maurits () vanrees ! org>
Date:       2020-01-24 15:21:00
Message-ID: 6a5b1823-285d-3e6c-0d69-84ebb35e3297 () vanrees ! org
[Download RAW message or body]

We have received CVE numbers from mitre.org. Thanks. See inline below.

On 21/01/2020 23:49, Maurits van Rees wrote:
> A Plone security hotfix was released today.
> 
> CVE numbers: not yet issued. We will request them shortly from mitre.org.
> 
> Versions Affected: All supported Plone versions (4.3.15 and any earlier
> 4.x version, 5.2.1 and any earlier 5.x version). Previous versions could
> be affected but have not been tested.
> 
> Versions Not Affected: None.
> 
> Nature of vulnerability:
> 
> The patch addresses several security issues:
> 
> - Privilege escalation when plone.restapi is installed. Reported and
> fixed by Lukas Graf and Niklaus Johner.
CVE-2020-7938
> - An open redirection on the login form and possibly other places where
> redirects are done. The isURLInPortal check that is done to avoid linking to an externalsite \
> could be tricked into accepting malicious links. Reported by Damiano Esposito.
CVE-2020-7936
> - Password strength checks were not always checked. Reported by Ben Kummer.
CVE-2020-7940
> - You might be able to PUT (overwrite) some content without needing
> write permission.
> This seems hard to do in practice. This fix is only needed when you
> use plone.app.contenttypes. Reported and fixed by Alessandro Pisa.
CVE-2020-7941
> - SQL quoting in DTML or in connection objects was insufficient, leading
> to possible SQL injections. This is a problem in Zope. If you use Zope
> without Plone, this hotfix should work for you too. Reported and fixed
> by Michael Brunnbauer and Michael Howitz.
CVE-2020-7939
> - Cross Site Scripting (XSS) in the title field on plone 5.0 and higher.
> Reported by Marcos Valle.
CVE-2020-7937

-- 
Maurits van Rees https://maurits.vanrees.org/


[prev in list] [next in list] [prev in thread] [next in thread]