CVE-2021-33926
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-07 CVE Reserved
- 2023-02-17 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://plone.org/security/hotfix/20210518 | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url | 2023-03-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3 Search vendor "Plone" for product "Plone" and version "4.3" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.1 Search vendor "Plone" for product "Plone" and version "4.3.1" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.2 Search vendor "Plone" for product "Plone" and version "4.3.2" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.3 Search vendor "Plone" for product "Plone" and version "4.3.3" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.4 Search vendor "Plone" for product "Plone" and version "4.3.4" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.5 Search vendor "Plone" for product "Plone" and version "4.3.5" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.6 Search vendor "Plone" for product "Plone" and version "4.3.6" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.7 Search vendor "Plone" for product "Plone" and version "4.3.7" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.8 Search vendor "Plone" for product "Plone" and version "4.3.8" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.9 Search vendor "Plone" for product "Plone" and version "4.3.9" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.10 Search vendor "Plone" for product "Plone" and version "4.3.10" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.11 Search vendor "Plone" for product "Plone" and version "4.3.11" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.12 Search vendor "Plone" for product "Plone" and version "4.3.12" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.14 Search vendor "Plone" for product "Plone" and version "4.3.14" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.15 Search vendor "Plone" for product "Plone" and version "4.3.15" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.17 Search vendor "Plone" for product "Plone" and version "4.3.17" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.18 Search vendor "Plone" for product "Plone" and version "4.3.18" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.19 Search vendor "Plone" for product "Plone" and version "4.3.19" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 4.3.20 Search vendor "Plone" for product "Plone" and version "4.3.20" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0 Search vendor "Plone" for product "Plone" and version "5.0" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0 Search vendor "Plone" for product "Plone" and version "5.0" | rc1 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0 Search vendor "Plone" for product "Plone" and version "5.0" | rc2 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0 Search vendor "Plone" for product "Plone" and version "5.0" | rc3 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.1 Search vendor "Plone" for product "Plone" and version "5.0.1" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.2 Search vendor "Plone" for product "Plone" and version "5.0.2" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.3 Search vendor "Plone" for product "Plone" and version "5.0.3" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.4 Search vendor "Plone" for product "Plone" and version "5.0.4" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.5 Search vendor "Plone" for product "Plone" and version "5.0.5" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.6 Search vendor "Plone" for product "Plone" and version "5.0.6" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.7 Search vendor "Plone" for product "Plone" and version "5.0.7" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.8 Search vendor "Plone" for product "Plone" and version "5.0.8" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.9 Search vendor "Plone" for product "Plone" and version "5.0.9" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.0.10 Search vendor "Plone" for product "Plone" and version "5.0.10" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1 Search vendor "Plone" for product "Plone" and version "5.1" | alpha2 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1.1 Search vendor "Plone" for product "Plone" and version "5.1.1" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1.2 Search vendor "Plone" for product "Plone" and version "5.1.2" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1.4 Search vendor "Plone" for product "Plone" and version "5.1.4" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1.5 Search vendor "Plone" for product "Plone" and version "5.1.5" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1.6 Search vendor "Plone" for product "Plone" and version "5.1.6" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1.7 Search vendor "Plone" for product "Plone" and version "5.1.7" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1a1 Search vendor "Plone" for product "Plone" and version "5.1a1" | alpha1 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1a2 Search vendor "Plone" for product "Plone" and version "5.1a2" | beta4 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1b2 Search vendor "Plone" for product "Plone" and version "5.1b2" | beta3 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1b3 Search vendor "Plone" for product "Plone" and version "5.1b3" | beta2 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1b4 Search vendor "Plone" for product "Plone" and version "5.1b4" | rc2 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1rc1 Search vendor "Plone" for product "Plone" and version "5.1rc1" | rc1 |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.1rc2 Search vendor "Plone" for product "Plone" and version "5.1rc2" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.2.0 Search vendor "Plone" for product "Plone" and version "5.2.0" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.2.1 Search vendor "Plone" for product "Plone" and version "5.2.1" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.2.2 Search vendor "Plone" for product "Plone" and version "5.2.2" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.2.3 Search vendor "Plone" for product "Plone" and version "5.2.3" | - |
Affected
| ||||||
| Plone Search vendor "Plone" | Plone Search vendor "Plone" for product "Plone" | 5.2.4 Search vendor "Plone" for product "Plone" and version "5.2.4" | - |
Affected
| ||||||