Privilege escalation
This is an escalation of privileges attack which makes it possible for an authenticated Plone user to edit the properties of other users, bypassing authorization checks.
Versions affected
- 4.0.5
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.1
Vulnerability
Current status
Credits
Discovered by
- Unknown (3rd Party)
Fixed by
- Plone Security Team
Coordinated by
- Plone Security Team