-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PythonPythonMiggo AIRoot Cause AnalysisThe vulnerability stems from KwAsAttributes-derived classes in CMFEditions being inadvertently publishable. In Zope/Plone architecture, classes using KwAsAttributes require explicit security declarations to prevent web exposure. The advisory indicates these declarations were missing in affected versions, allowing anonymous access to sub-objects. While exact method names aren't provided, the root cause is the insecure configuration of these classes' publishable status.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Plone | pip | >= 4.0, <= 4.0.9 | 4.0.10 |
| Plone | pip | >= 4.1, < 4.1.1 | 4.1.1 |
| Plone | pip | >= 4.2a1, <= 4.2a2 | 4.2a3 |
KEV Misses 88% of Exploited CVEs- Get the report