CVE-2013-7060

Plone 3.3-4.3.2 - Unauthenticated Installation Path Exposure via FactoryTool File Object

Title source: llm
STIX 2.1

Description

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://plone.org/security/20131210/path-leak
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/12/3
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/10/15

Scores

EPSS 0.0140
EPSS Percentile 69.2%

Details

CWE
CWE-200
Status published
Products (35)
plone/plone 3.3
plone/plone 3.3.1
plone/plone 3.3.2
plone/plone 3.3.3
plone/plone 3.3.4
plone/plone 3.3.5
plone/plone 3.3.6
plone/plone 4.0
plone/plone 4.0.1
plone/plone 4.0.2
... and 25 more
Published May 02, 2014
Tracked Since Feb 18, 2026