Plone Docker Image 5.2.13 RCE via improper HOST header validation
CVE-2024-23055 Published on January 25, 2024

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.

NVD

Vulnerability Analysis

CVE-2024-23055 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Products Associated with CVE-2024-23055

stack.watch emails you whenever new vulnerabilities are published in Plone Docker Official Image or Plone. Just hit a watch button to start following.

Plone Docker Official Image

Plone

Exploit Probability

EPSS

2.24%

Percentile

84.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Plone Docker Image 5.2.13 RCE via improper HOST header validationCVE-2024-23055 Published on January 25, 2024

Vulnerability Analysis

Products Associated with CVE-2024-23055

Exploit Probability

Plone Docker Image 5.2.13 RCE via improper HOST header validation
CVE-2024-23055 Published on January 25, 2024