CVE-2024-23055

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

A

n issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.

References

Link	Resource
http://plone.com	Broken Link
http://ploneorg.com	Product
https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055	Exploit Third Party Advisory
http://plone.com	Broken Link
http://ploneorg.com	Product
https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:plone:plone_docker_official_image:5.2.13:*:*:*:*:*:*:*

History

21 Nov 2024, 08:56

Type	Values Removed	Values Added
References	~~() http://plone.com - Broken Link~~	() http://plone.com - Broken Link
References	~~() http://ploneorg.com - Product~~	() http://ploneorg.com - Product
References	~~() https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055 - Exploit, Third Party Advisory~~	() https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055 - Exploit, Third Party Advisory

Information

Published : 2024-01-25 22:15

Updated : 2025-06-17 15:15

NVD link : CVE-2024-23055

Mitre link : CVE-2024-23055

CVE.ORG link : CVE-2024-23055

JSON object : View

Products Affected

plone_docker_official_image

CWE

NVD-CWE-Other

{"id": "CVE-2024-23055", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-01-25T22:15:08.623", "references": [{"url": "http://plone.com", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "http://ploneorg.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://plone.com", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://ploneorg.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers."}, {"lang": "es", "value": "Un problema en el software de c\u00f3digo abierto Plone Docker Official Image 5.2.13 (5221) permite la ejecuci\u00f3n remota de c\u00f3digo mediante una validaci\u00f3n incorrecta de la entrada por parte de los encabezados HOST."}], "lastModified": "2025-06-17T15:15:39.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone_docker_official_image:5.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277934F5-1C92-4B1C-85DE-93C7464108DA"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}