CVE-2013-4189
Summary
| CVE | CVE-2013-4189 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-03-11 19:37:02 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors. |
Risk And Classification
Primary CVSS: v2.0 6.5 from [email protected]
AV:N/AC:L/Au:S/C:P/I:P/A:P
Problem Types: NVD-CWE-noinfo | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector String | AV:N/AC:L/Au:S/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Plone | Plone | 2.1 | All | All | All |
| Application | Plone | Plone | 2.1.1 | All | All | All |
| Application | Plone | Plone | 2.1.2 | All | All | All |
| Application | Plone | Plone | 2.1.3 | All | All | All |
| Application | Plone | Plone | 2.1.4 | All | All | All |
| Application | Plone | Plone | 2.5 | All | All | All |
| Application | Plone | Plone | 2.5.1 | All | All | All |
| Application | Plone | Plone | 2.5.2 | All | All | All |
| Application | Plone | Plone | 2.5.3 | All | All | All |
| Application | Plone | Plone | 2.5.4 | All | All | All |
| Application | Plone | Plone | 2.5.5 | All | All | All |
| Application | Plone | Plone | 3.0 | All | All | All |
| Application | Plone | Plone | 3.0.1 | All | All | All |
| Application | Plone | Plone | 3.0.2 | All | All | All |
| Application | Plone | Plone | 3.0.3 | All | All | All |
| Application | Plone | Plone | 3.0.4 | All | All | All |
| Application | Plone | Plone | 3.0.5 | All | All | All |
| Application | Plone | Plone | 3.0.6 | All | All | All |
| Application | Plone | Plone | 3.1 | All | All | All |
| Application | Plone | Plone | 3.1.1 | All | All | All |
| Application | Plone | Plone | 3.1.2 | All | All | All |
| Application | Plone | Plone | 3.1.3 | All | All | All |
| Application | Plone | Plone | 3.1.4 | All | All | All |
| Application | Plone | Plone | 3.1.5.1 | All | All | All |
| Application | Plone | Plone | 3.1.6 | All | All | All |
| Application | Plone | Plone | 3.1.7 | All | All | All |
| Application | Plone | Plone | 3.2 | All | All | All |
| Application | Plone | Plone | 3.2.1 | All | All | All |
| Application | Plone | Plone | 3.2.2 | All | All | All |
| Application | Plone | Plone | 3.2.3 | All | All | All |
| Application | Plone | Plone | 3.3 | All | All | All |
| Application | Plone | Plone | 3.3.1 | All | All | All |
| Application | Plone | Plone | 3.3.2 | All | All | All |
| Application | Plone | Plone | 3.3.3 | All | All | All |
| Application | Plone | Plone | 3.3.4 | All | All | All |
| Application | Plone | Plone | 3.3.5 | All | All | All |
| Application | Plone | Plone | 4.0 | All | All | All |
| Application | Plone | Plone | 4.0.1 | All | All | All |
| Application | Plone | Plone | 4.0.2 | All | All | All |
| Application | Plone | Plone | 4.0.3 | All | All | All |
| Application | Plone | Plone | 4.0.4 | All | All | All |
| Application | Plone | Plone | 4.0.5 | All | All | All |
| Application | Plone | Plone | 4.0.6.1 | All | All | All |
| Application | Plone | Plone | 4.1 | All | All | All |
| Application | Plone | Plone | 4.2 | All | All | All |
| Application | Plone | Plone | 4.2.1 | All | All | All |
| Application | Plone | Plone | 4.2.2 | All | All | All |
| Application | Plone | Plone | 4.2.3 | All | All | All |
| Application | Plone | Plone | 4.2.4 | All | All | All |
| Application | Plone | Plone | 4.2.5 | All | All | All |
| Application | Plone | Plone | 4.3 | All | All | All |
| Application | Plone | Plone | 4.3.1 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-sec: Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors) | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| 978450 – (CVE-2013-4189) CVE-2013-4189 plone: Privilege escalation due improper authorization (dataitems.py, get.py, traverseName.py) | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| Security vulnerability announcement: 20130618 - Multiple vectors — Plone CMS: Open Source Content Management | af854a3a-2127-422b-91ae-364da2661108 | plone.org | Vendor Advisory |
| Plone Hotfix 20130618 — Plone CMS: Open Source Content Management | af854a3a-2127-422b-91ae-364da2661108 | plone.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.