CVE-2024-23756

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 8, 2024

Updated: Feb 15, 2024

Summary

CVE-2024-23756 is a vulnerability affecting the Plone official Docker version 5.2.13 (5221). This issue allows unauthenticated attackers to exploit the enabled HTTP PUT and DELETE methods. The result can be dangerous actions such as uploading files to the server or deleting existing ones, potentially leading to data loss or unauthorized access. This vulnerability poses a significant risk and requires immediate attention to apply the necessary patches or updates to mitigate it.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Plone

Affected Vendors

PloNE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uO9ewE
https://www.cve.org/CVERecord?id=CVE-2024-23756
https://nvd.nist.gov/vuln/detail/CVE-2024-23756

Back to Vulnerability Database