First published: Mon Jul 04 2011
It was reported [1] that Plone suffers from a vulnerability that can be exploited to bypass certain security restrictions. This is due to a vulnerable bundled version of Zope. Plone 3.x users who backported the fix for [CVE-2011-0720](https://access.redhat.com/security/cve/CVE-2011-0720) (PloneHotfix20110720) are affected because the hotfix inadvertently backported the vulnerability as well. A new hotfix (20110622) is available [2] to correct the flaw.

[1] http://plone.org/products/plone/security/advisories/20110622

[2] http://plone.org/products/plone-hotfix/releases/20110622
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zope Zope | =2.12.0-a2 | |
Zope Zope | =2.12.11 | |
Zope Zope | =2.12.9 | |
Zope Zope | =2.12.8 | |
Plone Plone | =4.0.5 | |
Zope Zope | =2.13.0-a3 | |
Zope Zope | =2.12.16 | |
Zope Zope | =2.13.0-c1 | |
Zope Zope | =2.12.10 | |
Zope Zope | =2.12.3 | |
Zope Zope | =2.12.12 | |
Plone Plone | =4.0.2 | |
Zope Zope | =2.13.0-b1 | |
Zope Zope | =2.13.0 | |
Zope Zope | =2.12.17 | |
Zope Zope | =2.12.14 | |
Zope Zope | =2.12.15 | |
Plone Plone | =4.0.8 | |
Zope Zope | =2.12.0 | |
Plone Plone | =4.0.7 | |
Plone Plone | =4.0.4 | |
Zope Zope | =2.12.0-b1 | |
Zope Zope | =2.12.5 | |
Zope Zope | =2.12.0-a4 | |
Zope Zope | =2.12.0-a1 | |
Zope Zope | =2.13.7 | |
Plone Plone | =4.1 | |
Zope Zope | =2.12.18 | |
Zope Zope | =2.13.2 | |
Zope Zope | =2.13.4 | |
Zope Zope | =2.13.1 | |
Zope Zope | =2.12.6 | |
Zope Zope | =2.12.2 | |
Zope Zope | =2.13.0-a2 | |
Zope Zope | =2.12.0-b2 | |
Plone Plone | =4.0 | |
Plone Plone | =4.0.6.1 | |
Zope Zope | =2.12.0-a3 | |
Zope Zope | =2.13.0-a1 | |
Zope Zope | =2.12.0-b3 | |
Zope Zope | =2.13.3 | |
Zope Zope | =2.13.5 | |
Zope Zope | =2.12.7 | |
Zope Zope | =2.13.0-a4 | |
Plone Plone | =4.0.1 | |
Zope Zope | =2.12.4 | |
Zope Zope | =2.13.6 | |
Zope Zope | =2.12.0-b4 | |
Plone Plone | =4.0.3 | |
Zope Zope | =2.12.1 | |
Zope Zope | =2.12.13 | |
Plone Plone Hotfix 20110720 | ||
Plone Plone | =3.0 | |
Plone Plone | =3.0.1 | |
Plone Plone | =3.0.2 | |
Plone Plone | =3.0.3 | |
Plone Plone | =3.0.4 | |
Plone Plone | =3.0.5 | |
Plone Plone | =3.0.6 | |
Plone Plone | =3.1 | |
Plone Plone | =3.1.1 | |
Plone Plone | =3.1.2 | |
Plone Plone | =3.1.3 | |
Plone Plone | =3.1.4 | |
Plone Plone | =3.1.5.1 | |
Plone Plone | =3.1.6 | |
Plone Plone | =3.1.7 | |
Plone Plone | =3.2 | |
Plone Plone | =3.2.1 | |
Plone Plone | =3.2.2 | |
Plone Plone | =3.2.3 | |
Plone Plone | =3.3 | |
Plone Plone | =3.3.1 | |
Plone Plone | =3.3.2 | |
Plone Plone | =3.3.3 | |
Plone Plone | =3.3.4 | |
Plone Plone | =3.3.5 | |
Plone Plone | =3.3.6 | |
pip/Zope2 | >=2.13.0<2.13.8 | 2.13.8 |
pip/Zope2 | >=2.12.0<2.12.19 | 2.12.19 |
pip/Plone | >=3.3.2<3.3.6 | 3.3.6 |
All of | ||
Plone Plone Hotfix 20110720 | ||
Any of | ||
Plone Plone | =3.0 | |
Plone Plone | =3.0.1 | |
Plone Plone | =3.0.2 | |
Plone Plone | =3.0.3 | |
Plone Plone | =3.0.4 | |
Plone Plone | =3.0.5 | |
Plone Plone | =3.0.6 | |
Plone Plone | =3.1 | |
Plone Plone | =3.1.1 | |
Plone Plone | =3.1.2 | |
Plone Plone | =3.1.3 | |
Plone Plone | =3.1.4 | |
Plone Plone | =3.1.5.1 | |
Plone Plone | =3.1.6 | |
Plone Plone | =3.1.7 | |
Plone Plone | =3.2 | |
Plone Plone | =3.2.1 | |
Plone Plone | =3.2.2 | |
Plone Plone | =3.2.3 | |
Plone Plone | =3.3 | |
Plone Plone | =3.3.1 | |
Plone Plone | =3.3.2 | |
Plone Plone | =3.3.3 | |
Plone Plone | =3.3.4 | |
Plone Plone | =3.3.5 | |
Plone Plone | =3.3.6 | |