CVE-2021-33926
Summary
| CVE | CVE-2021-33926 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-17 18:15:00 UTC |
| Updated | 2023-03-02 15:04:00 UTC |
| Description | An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1, 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows an attacker to access sensitive information via the RSS feed portlet. |
Risk And Classification
Problem Types: CWE-918
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Plone | Plone | 4.3 | All | All | All |
| Application | Plone | Plone | 4.3.1 | All | All | All |
| Application | Plone | Plone | 4.3.10 | All | All | All |
| Application | Plone | Plone | 4.3.11 | All | All | All |
| Application | Plone | Plone | 4.3.12 | All | All | All |
| Application | Plone | Plone | 4.3.14 | All | All | All |
| Application | Plone | Plone | 4.3.15 | All | All | All |
| Application | Plone | Plone | 4.3.17 | All | All | All |
| Application | Plone | Plone | 4.3.18 | All | All | All |
| Application | Plone | Plone | 4.3.19 | All | All | All |
| Application | Plone | Plone | 4.3.2 | All | All | All |
| Application | Plone | Plone | 4.3.20 | All | All | All |
| Application | Plone | Plone | 4.3.3 | All | All | All |
| Application | Plone | Plone | 4.3.4 | All | All | All |
| Application | Plone | Plone | 4.3.5 | All | All | All |
| Application | Plone | Plone | 4.3.6 | All | All | All |
| Application | Plone | Plone | 4.3.7 | All | All | All |
| Application | Plone | Plone | 4.3.8 | All | All | All |
| Application | Plone | Plone | 4.3.9 | All | All | All |
| Application | Plone | Plone | 5.0 | - | All | All |
| Application | Plone | Plone | 5.0 | rc1 | All | All |
| Application | Plone | Plone | 5.0 | rc2 | All | All |
| Application | Plone | Plone | 5.0 | rc3 | All | All |
| Application | Plone | Plone | 5.0.1 | All | All | All |
| Application | Plone | Plone | 5.0.10 | All | All | All |
| Application | Plone | Plone | 5.0.2 | All | All | All |
| Application | Plone | Plone | 5.0.3 | All | All | All |
| Application | Plone | Plone | 5.0.4 | All | All | All |
| Application | Plone | Plone | 5.0.5 | All | All | All |
| Application | Plone | Plone | 5.0.6 | All | All | All |
| Application | Plone | Plone | 5.0.7 | All | All | All |
| Application | Plone | Plone | 5.0.8 | All | All | All |
| Application | Plone | Plone | 5.0.9 | All | All | All |
| Application | Plone | Plone | 5.1 | alpha2 | All | All |
| Application | Plone | Plone | 5.1.1 | All | All | All |
| Application | Plone | Plone | 5.1.2 | All | All | All |
| Application | Plone | Plone | 5.1.4 | All | All | All |
| Application | Plone | Plone | 5.1.5 | All | All | All |
| Application | Plone | Plone | 5.1.6 | All | All | All |
| Application | Plone | Plone | 5.1.7 | All | All | All |
| Application | Plone | Plone | 5.1a1 | alpha1 | All | All |
| Application | Plone | Plone | 5.1a2 | beta4 | All | All |
| Application | Plone | Plone | 5.1b2 | beta3 | All | All |
| Application | Plone | Plone | 5.1b3 | beta2 | All | All |
| Application | Plone | Plone | 5.1b4 | rc2 | All | All |
| Application | Plone | Plone | 5.1rc1 | rc1 | All | All |
| Application | Plone | Plone | 5.1rc2 | - | All | All |
| Application | Plone | Plone | 5.2.0 | All | All | All |
| Application | Plone | Plone | 5.2.1 | All | All | All |
| Application | Plone | Plone | 5.2.2 | All | All | All |
| Application | Plone | Plone | 5.2.3 | All | All | All |
| Application | Plone | Plone | 5.2.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Blind SSRF via feedparser accessing an internal URL — Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure | MISC | plone.org | |
| 20210518 — Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure | MISC | plone.org | |
| Subodh/Plone 5.2.4 Vulnerable to bilend SSRF.pdf at master · s-kustm/Subodh · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.