In association with heise online

09 February 2011, 14:51

Plone CMS patch closes security vulnerability


The Plone Foundation has confirmed that its Plone open source content management system (CMS) contains a privilege escalation vulnerability. According to the Plone Security team, the security issue could allow "anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin".

All versions since 2.5 (e.g. 2.5, 3.0, 3.1, 3.2, 3.3, 4.0; including all minor and development revisions) are reportedly at risk – Plone 1.0, 2.0 and 2.1 are not affected. A hotfix patch that corrects the issue is available to download from the Plone Foundation web site. All users are advised to install the patch.

Further information about the vulnerability can be found in the security advisory. Plone is made available under the GPL.
