{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-24T18:06:09.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://plone.org/security/hotfix/20200121"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1"}, {"tags": ["x_refsource_MISC"], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed"}, {"name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7938", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://plone.org/security/hotfix/20200121", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121"}, {"name": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1"}, {"name": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed"}, {"name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:24.919Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://plone.org/security/hotfix/20200121"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed"}, {"name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7938", "datePublished": "2020-01-23T20:38:42.000Z", "dateReserved": "2020-01-23T00:00:00.000Z", "dateUpdated": "2024-08-04T09:48:24.919Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D764EF4-D80D-45E1-A654-55802EFB73E7", "versionEndIncluding": "5.2.1", "versionStartIncluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level."}, {"lang": "es", "value": "plone.restapi en Plone versiones 5.2.0 hasta 5.2.1, permite a usuarios con un determinado nivel de privilegio escalar sus privilegios hasta el nivel m\u00e1s alto."}], "id": "CVE-2020-7938", "lastModified": "2024-11-21T05:38:02.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-23T21:15:13.333", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/hotfix/20200121"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/hotfix/20200121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "plone: privilege escalation in plone.restapi", "id": "1798200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798200"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-284", "details": ["plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.", "A flaw was found in Plone in versions 5.2.0 through 5.2.1. Users with a certain privilege level can escalate their privileges up to the highest privilege level when the site is using plone.restapi. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2020-7938", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "conga", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-01-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-7938\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7938"], "threat_severity": "Important"}

{}