Red Hat Bugzilla – Bug 978478
CVE-2013-4197 plone: Authenticated users able to modify / delete portraits of other users (member_portrait.py)
Last modified: 2015-08-22 11:15:31 EDT
A security flaw (privilege defined with unsafe actions) was found in the way portrait handling component of Plone, a user friendly and powerful content management system, performed portraits management. Remote attacker, authenticated Plone user could use this flaw to modify or delete portraits of other users.
The CVE identifier of CVE-2013-4197 has been assigned to this issue:
Created plone tracking bugs for this issue:
Affects: epel-5 [bug 991015]