{
  "threat_severity" : "Important",
  "public_date" : "2020-01-23T00:00:00Z",
  "bugzilla" : {
    "description" : "plone: privilege escalation for overwriting content without needing write permission",
    "id" : "1798201",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1798201"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-284",
  "details" : [ "A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.", "A privilege escalation flaw was found in Plone versions 4.3 through 5.2.1. Users are allowed to PUT (overwrite) some content without needing write permission. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "conga",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-7941\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7941" ],
  "name" : "CVE-2020-7941",
  "csaw" : false
}