CVE-2024-23756

{"id": "CVE-2024-23756", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-08T21:15:08.380", "references": [{"url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them."}, {"lang": "es", "value": "Los m\u00e9todos HTTP PUT y DELETE est\u00e1n habilitados en la versi\u00f3n 5.2.13 (5221) oficial de Docker de Plone, lo que permite a atacantes no autenticados ejecutar acciones peligrosas como cargar archivos al servidor o eliminarlos."}], "lastModified": "2024-02-15T16:01:08.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:5.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAB57250-2183-41C5-9EC2-6D32A991516D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}