Denial of Service attack by privileged users

Logged in users could cause a Plone instance to become unresponsive

Versions affected

4.3.1
4.3
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0.10
4.0.9
4.0.8
4.0.7
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2

Vulnerability

Current status

Credits

Discovered by

Plone Security Team

Fixed by

Plone Security Team

Coordinated by

Plone Security Team

You can contact the security team confidentially by email at security@plone.org

More information

CVE Identifier

CVE-2013-4188

Type

Severity

0.0 – low
Vector	Local
Complexity	High
Authentication	Multiple
Confidentiality	None
Integrity	None
Availability	None

Timeline

Vulnerability reported:
Hotfix released: