CVE-2024-23756

Published: Feb 8, 2024Modified: May 15, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.

Affected (1)

Products: Plone: Plone

Plone

1 product

Plone

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Plone Plone	Version 5.2.13

References (2)

https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.