Privilege escalation

This is a privilege escalation vulnerability that allows an authenticated Plone user to edit the properties of other users, bypassing authorization checks.

Versions affected

  • 4.0.5
  • 4.0.4
  • 4.0.3
  • 4.0.2
  • 4.0.1
  • 4.1

Vulnerability

Current status

Credits

Discovered by

  • Unknown (3rd Party)

Fixed by

  • Plone Security Team

Coordinated by

  • Plone Security Team