The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Max CVSS
10.0
EPSS Score
0.66%
Published
2020-12-17
Updated
2020-12-18
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Max CVSS
9.9
EPSS Score
0.33%
Published
2021-05-21
Updated
2021-05-24
2 vulnerabilities found