CVE-2021-33926

Advisory

Plone 5.2.5 and 4.3.20 include a fix for CVE-2021-33926: By adding an RSS feed portlet in their dashboard, a normal member could try loading the RSS feed of an internal service which is otherwise unreachable for this member.
https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url

Affected package

Affected versions

Fixed versions

Vulnerability changelog

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet. See CVE-2021-33926.


MISC:https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf: https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
MISC:https://plone.org/security/hotfix/20210518: https://plone.org/security/hotfix/20210518
MISC:https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url: https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url

Resources

• https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
• https://plone.org/security/hotfix/20210518
• https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33926