What is the severity of CVE-2013-7060?

CVE-2013-7060 has a medium severity rating, indicating a moderate risk to affected systems.

How do I fix CVE-2013-7060?

To fix CVE-2013-7060, users should upgrade to Plone version 4.3.3 or later.

What versions are affected by CVE-2013-7060?

CVE-2013-7060 affects Plone versions from 3.3 to 4.3.2.

Can CVE-2013-7060 lead to unauthorized access?

Yes, CVE-2013-7060 can allow remote attackers to gain information about the installation path, potentially leading to further exploitation.

Is CVE-2013-7060 a local or remote vulnerability?

CVE-2013-7060 is a remote vulnerability that can be exploited by attackers without needing local access.

Vulnerability/
CVE-2013-7060

medium

5.3

CWE

200

2/5/2014

17/5/2022

15/10/2024

CVE-2013-7060: Infoleak

First published: Fri May 02 2014(Updated: )

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
pip/Products.CMFPlone	>=3.3<4.3.3	4.3.3
pip/plone	>=3.3<=4.3.2	4.3.3
Plone CMS	=3.3
Plone CMS	=3.3.1
Plone CMS	=3.3.2
Plone CMS	=3.3.3
Plone CMS	=3.3.4
Plone CMS	=3.3.5
Plone CMS	=3.3.6
Plone CMS	=4.0
Plone CMS	=4.0.1
Plone CMS	=4.0.2
Plone CMS	=4.0.3
Plone CMS	=4.0.4
Plone CMS	=4.0.5
Plone CMS	=4.0.7
Plone CMS	=4.0.9
Plone CMS	=4.1
Plone CMS	=4.1.1
Plone CMS	=4.1.2
Plone CMS	=4.1.3
Plone CMS	=4.1.4
Plone CMS	=4.1.5
Plone CMS	=4.1.6
Plone CMS	=4.2
Plone CMS	=4.2.1
Plone CMS	=4.2.2
Plone CMS	=4.2.3
Plone CMS	=4.2.4
Plone CMS	=4.2.5
Plone CMS	=4.2.6
Plone CMS	=4.2.7
Plone CMS	=4.3
Plone CMS	=4.3.1
Plone CMS	=4.3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7060?
CVE-2013-7060 has a medium severity rating, indicating a moderate risk to affected systems.
How do I fix CVE-2013-7060?
To fix CVE-2013-7060, users should upgrade to Plone version 4.3.3 or later.
What versions are affected by CVE-2013-7060?
CVE-2013-7060 affects Plone versions from 3.3 to 4.3.2.
Can CVE-2013-7060 lead to unauthorized access?
Yes, CVE-2013-7060 can allow remote attackers to gain information about the installation path, potentially leading to further exploitation.
Is CVE-2013-7060 a local or remote vulnerability?
CVE-2013-7060 is a remote vulnerability that can be exploited by attackers without needing local access.

agent/author
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/description
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-rg52-j87w-pf83
alias/CVE-2013-7060
agent/software-canonical-lookup
agent/references
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/event
collector/github-advisory
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/pip
vendor/plone
canonical/plone cms
version/plone cms/3.3
version/plone cms/3.3.1
version/plone cms/3.3.2
version/plone cms/3.3.3
version/plone cms/3.3.4
version/plone cms/3.3.5
version/plone cms/3.3.6
version/plone cms/4.0
version/plone cms/4.0.1
version/plone cms/4.0.2
version/plone cms/4.0.3
version/plone cms/4.0.4
version/plone cms/4.0.5
version/plone cms/4.0.7
version/plone cms/4.0.9
version/plone cms/4.1
version/plone cms/4.1.1
version/plone cms/4.1.2
version/plone cms/4.1.3
version/plone cms/4.1.4
version/plone cms/4.1.5
version/plone cms/4.1.6
version/plone cms/4.2
version/plone cms/4.2.1
version/plone cms/4.2.2
version/plone cms/4.2.3
version/plone cms/4.2.4
version/plone cms/4.2.5
version/plone cms/4.2.6
version/plone cms/4.2.7
version/plone cms/4.3
version/plone cms/4.3.1
version/plone cms/4.3.2