Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-33926

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.

Published

2023-02-17T18:15:11.237

Last Modified

2025-03-19T15:15:36.160

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-918
Type: Secondary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	plone	plone	4.3	Yes
Application	plone	plone	4.3.1	Yes
Application	plone	plone	4.3.2	Yes
Application	plone	plone	4.3.3	Yes
Application	plone	plone	4.3.4	Yes
Application	plone	plone	4.3.5	Yes
Application	plone	plone	4.3.6	Yes
Application	plone	plone	4.3.7	Yes
Application	plone	plone	4.3.8	Yes
Application	plone	plone	4.3.9	Yes
Application	plone	plone	4.3.10	Yes
Application	plone	plone	4.3.11	Yes
Application	plone	plone	4.3.12	Yes
Application	plone	plone	4.3.14	Yes
Application	plone	plone	4.3.15	Yes
Application	plone	plone	4.3.17	Yes
Application	plone	plone	4.3.18	Yes
Application	plone	plone	4.3.19	Yes
Application	plone	plone	4.3.20	Yes
Application	plone	plone	5.0	Yes
Application	plone	plone	5.0	Yes
Application	plone	plone	5.0	Yes
Application	plone	plone	5.0	Yes
Application	plone	plone	5.0.1	Yes
Application	plone	plone	5.0.2	Yes
Application	plone	plone	5.0.3	Yes
Application	plone	plone	5.0.4	Yes
Application	plone	plone	5.0.5	Yes
Application	plone	plone	5.0.6	Yes
Application	plone	plone	5.0.7	Yes
Application	plone	plone	5.0.8	Yes
Application	plone	plone	5.0.9	Yes
Application	plone	plone	5.0.10	Yes
Application	plone	plone	5.1	Yes
Application	plone	plone	5.1.1	Yes
Application	plone	plone	5.1.2	Yes
Application	plone	plone	5.1.4	Yes
Application	plone	plone	5.1.5	Yes
Application	plone	plone	5.1.6	Yes
Application	plone	plone	5.1.7	Yes
Application	plone	plone	5.1a1	Yes
Application	plone	plone	5.1a2	Yes
Application	plone	plone	5.1b2	Yes
Application	plone	plone	5.1b3	Yes
Application	plone	plone	5.1b4	Yes
Application	plone	plone	5.1rc1	Yes
Application	plone	plone	5.1rc2	Yes
Application	plone	plone	5.2.0	Yes
Application	plone	plone	5.2.1	Yes
Application	plone	plone	5.2.2	Yes
Application	plone	plone	5.2.3	Yes
Application	plone	plone	5.2.4	Yes

References

https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf Exploit, Third Party Advisory ([email protected])
https://plone.org/security/hotfix/20210518 Release Notes ([email protected])
https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url Vendor Advisory ([email protected])
https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://plone.org/security/hotfix/20210518 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)