CVE-2016-4043

Published: Feb 24, 2017Modified: May 13, 2026

4.9

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Affected (9)

Products: Plone: Plone

Plone

1 product

Plone

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Plone Plone	Version 5.0.1
Plone Plone	Version 5.0.2
Plone Plone	Version 5.0.3
Plone Plone	Version 5.0.4
Plone Plone	Version 5.0
Plone Plone	Version 5.0 rc1
Plone Plone	Version 5.0 rc2
Plone Plone	Version 5.0 rc3
Plone Plone	Version 5.1a1

Related CWEs

CWE-264

References (4)

http://www.openwall.com/lists/oss-security/2016/04/20/3

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://plone.org/security/hotfix/20160419/bypass-restricted-python

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/04/20/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://plone.org/security/hotfix/20160419/bypass-restricted-python

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.