CVE-2024-22889
Published 2024-03-06
CVE-2024-22889: Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
Priority P3 47 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.70% (48.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | — | — |
| plone | plone | 0 – 6.0.9 | — |
OSV
Phone information disclosure vulnerability
osv·2024-03-06
CVE-2024-22889 [MEDIUM] Phone information disclosure vulnerability
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
GHSA
Phone information disclosure vulnerability
ghsa·2024-03-06
CVE-2024-22889 [MEDIUM] CWE-276 Phone information disclosure vulnerability
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-03-06