CVE-2024-23756
First published: Thu Feb 08 2024(Updated: )
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Plone CMS | =5.2.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-23756?
CVE-2024-23756 is considered a critical vulnerability due to the potential for unauthenticated attackers to upload or delete files on the server.
How do I fix CVE-2024-23756?
To fix CVE-2024-23756, disable the HTTP PUT and DELETE methods in your Plone configuration or update to a patched version.
Which versions of Plone are affected by CVE-2024-23756?
CVE-2024-23756 affects Plone version 5.2.13.
What actions can attackers perform due to CVE-2024-23756?
Attackers can upload and delete files on the server as a result of CVE-2024-23756.
Is user authentication required to exploit CVE-2024-23756?
No, CVE-2024-23756 allows unauthenticated attackers to exploit the vulnerability.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/plone
- canonical/plone cms
- version/plone cms/5.2.13