CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Plone | pip | >= 4.3, <= 5.2.1 | |
| plone.app.contenttypes | pip | < 2.1.6 | 2.1.6 |
The vulnerability stems from improper privilege management in plone.app.contenttypes: PUT requests could modify content without authentication. The fix in version 2.1.6 explicitly adds permission checks. The PUT handler of FileUploadView is a logical candidate for the missing check, since it handles content updates and should require write permission on the target object. The CWE-269 classification (Improper Privilege Management) confirms this is an authorization flaw, consistent with a missing permission check in a content-modification function.