A security flaw (privilege defined with unsafe actions) was found in the way portrait handling component of Plone, a user friendly and powerful content management system, performed portraits management. Remote attacker, authenticated Plone user could use this flaw to modify or delete portraits of other users.
References: http://plone.org/products/plone/security/advisories/20130611-announcement
The CVE identifier of CVE-2013-4197 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/08/01/2
Created plone tracking bugs for this issue: Affects: epel-5 [bug 991015]