Homepage
About Snyk

Information Exposure Affecting plone package, versions [,3.0.0)

0.0
high

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 1.15% (85th percentile)
Expand this section
NVD
7.3 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-PLONE-40790
  • published 17 Jun 2018
  • disclosed 20 Mar 2008
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 20 Mar 2008

CVE-2008-1394 Open this link in a new tab
CWE-255 Open this link in a new tab

How to fix?

Upgrade plone to version 3.0.0 or higher.

Overview

plone is a user friendly and extensible Content Management System running on top of Python and Zope.

Affected versions of this package are vulnerable to Information Exposure. It places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

References