PYSEC-2009-17

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2009-17.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2009-17

Aliases

CVE-2009-0662
GHSA-pq3x-96c3-xgjg

Published

2009-04-23T17:30:01.640Z

Modified

2026-05-21T15:00:25.704221160Z

Summary

[none]

Details

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

References

http://osvdb.org/53975
http://www.securityfocus.com/bid/34664
https://exchange.xforce.ibmcloud.com/vulnerabilities/50061
http://secunia.com/advisories/34840
http://plone.org/products/plone/security/advisories/cve-2009-0662

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0

Last affected

3.1

Last affected

3.2

Last affected

3.3

Last affected

3.4

Last affected

3.5

Affected versions

3.*

3.2

3.3

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2009-17.yaml"