| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Plone | pip | >= 3.3, < 4.3.10 | 4.3.10 |
| Plone | pip | >= 5.0, < 5.0.5 | 5.0.5 |
| Plone | pip | = 5.1a1 | 5.1a2 |
The vulnerability stems from missing security declarations in Dexterity's WebDAV handling. WebDAVView is the primary handler for WebDAV operations in Dexterity, and security declarations (such as @security.private or explicit permission checks) would normally be required here. The FTI (Factory Type Information) components handle content creation and modification via WebDAV PUT requests. Without Zope security declarations (either via decorators or ZCML), these entry points would bypass Plone's permission system. While the exact pre-patch code isn't available, Dexterity's WebDAV integration architecture and Plone's security patterns strongly suggest these components are the vulnerable entry points.
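As an added illustration (not code from Plone or plone.dexterity), the following stand-alone Python models the declare-or-deny pattern the paragraph describes: a publisher dispatches a WebDAV PUT to a handler only after checking the handler's permission declaration, and an undeclared handler is reachable by anyone whenever the container exposes unprotected methods. The `Publisher`, the `protected` decorator and the two view classes are simplified stand-ins for Zope's AccessControl machinery, not its real API, and the permission name is illustrative.

```python
from dataclasses import dataclass, field


class Unauthorized(Exception):
    pass


def protected(permission):
    """Attach a permission requirement to a method (models a Zope security declaration)."""
    def deco(fn):
        fn.__permission__ = permission
        return fn
    return deco


@dataclass
class User:
    name: str
    permissions: frozenset = field(default_factory=frozenset)


class Publisher:
    """Route a request method (e.g. WebDAV PUT) to a handler and enforce its declaration."""
    def __init__(self, allow_unprotected):
        # True models a container exposing undeclared methods; False is default-deny.
        self.allow_unprotected = allow_unprotected

    def publish(self, view, method, user, *args):
        handler = getattr(view, method)
        perm = getattr(handler, "__permission__", None)  # bound methods proxy to the function
        if perm is None:
            if not self.allow_unprotected:
                raise Unauthorized(f"{method} has no security declaration")
        elif perm not in user.permissions:
            raise Unauthorized(f"{user.name} lacks {perm!r} for {method}")
        return handler(user, *args)


class UnprotectedWebDAVView:
    """Vulnerable shape: PUT carries no declaration, so reachability depends on the container."""
    def PUT(self, user, body):
        self.body = body
        return "created"


class ProtectedWebDAVView(UnprotectedWebDAVView):
    """Fixed shape: the same handler behind an explicit permission declaration."""
    @protected("Modify portal content")
    def PUT(self, user, body):
        return super().PUT(user, body)


def try_put(publisher, view, user, body="<content/>"):
    try:
        return publisher.publish(view, "PUT", user, body)  # 'created' on success
    except Unauthorized:
        return "denied"
```

With a permissive container the undeclared PUT is created by an anonymous user, while the declared one is denied until the caller holds the permission; a default-deny publisher refuses the undeclared handler outright.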