Privilege escalation

A highly serious vulnerability in Zope that allows unauthorised access

Versions affected

3.3.5
3.3.4
3.3.3
3.3.2

Vulnerability

Current status

Credits

Discovered by

Plone Security Team

Fixed by

Plone Security Team

Coordinated by

Plone Security Team

You can contact the security team confidentially by email at security@plone.org

More information

CVE Identifier

CVE-2011-2528

Type

Severity

6.1 – medium
Vector	Network
Complexity	High
Authentication	None
Confidentiality	Complete
Integrity	Partial
Availability	None

Timeline

Vulnerability reported: 2011-06-18
Hotfix released: 2011-06-28