A privilege escalation issue in plone.app.contenttypes in Plone 4.3 up to and including 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
We have received CVE numbers from mitreorg Thanks See inline below
On 21/01/2020 23:49, Maurits van Rees wrote:
CVE-2020-7938
CVE-2020-7936
CVE-2020-7940
CVE-2020-7941
CVE-2020-7939
CVE-2020-7937
--
Maurits van Rees mauritsvanreesorg/ ...