CVE-2024-23756: The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute...

Description

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.

Classification

CVE ID: CVE-2024-23756

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.22% (probability of being exploited)

EPSS Percentile: 44.47% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-13 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23756
https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756

Timeline