Red Hat Bugzilla – Bug 978450
CVE-2013-4189 plone: Privilege escalation due improper authorization (dataitems.py, get.py, traverseName.py)
Last modified: 2015-08-22 11:59:51 EDT
A privilege escalation flaw was found in the way Plone, a user friendly and powerful content management system, enforced authorization for users having administrator privilege access for a subtree of a particular node (access to node above that subtree was granted even when the user in question has had administrator privilege only for a subtree of that node). A remote attacker, with administrator user privilege to certain subtree of Plone actions / functionality, could use this flaw to access / alter also higher nodes.
The CVE identifier of CVE-2013-4189 has been assigned to this issue:
Created plone tracking bugs for this issue:
Affects: epel-5 [bug 991015]