{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-02T11:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://plone.org/security/20131210/catalogue-exposure"}, {"name": "[oss-security] 20131211 Re: CVE request for Plone", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3"}, {"name": "[oss-security] 20131210 CVE request for Plone", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://plone.org/security/20131210/catalogue-exposure", "refsource": "CONFIRM", "url": "https://plone.org/security/20131210/catalogue-exposure"}, {"name": "[oss-security] 20131211 Re: CVE request for Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3"}, {"name": "[oss-security] 20131210 CVE request for Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:53:46.062Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://plone.org/security/20131210/catalogue-exposure"}, {"name": "[oss-security] 20131211 Re: CVE request for Plone", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3"}, {"name": "[oss-security] 20131210 CVE request for Plone", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7061", "datePublished": "2014-05-02T14:00:00", "dateReserved": "2013-12-11T00:00:00", "dateUpdated": "2024-08-06T17:53:46.062Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API."}, {"lang": "es", "value": "Products/CMFPlone/CatalogTool.py en Plone 3.3 hasta 4.3.2 permite a administradores remotos evadir restricciones y obtener informaci\u00f3n sensible a trav\u00e9s de una API de b\u00fasqueda no especificada."}], "id": "CVE-2013-7061", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-02T14:55:05.417", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/20131210/catalogue-exposure"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/20131210/catalogue-exposure"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "plone: privilege escalation through exposed underlying API", "id": "1040379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040379"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "draft"}, "cwe": "CWE-285", "details": ["Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API."], "name": "CVE-2013-7061", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "conga", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-12-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7061\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7061"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}

{}