Description

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.

Remediation

References

CVE-2021-33510

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2021-33620)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-0925)

Apache HTTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-1927)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16862)

Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21690 )

Severity

Medium

Classification

CVE-2021-33510 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities