Information Exposure Affecting plone package, versions [,3.0.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
1.44% (87th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-PLONE-40790
  • published17 Jun 2018
  • disclosed20 Mar 2008
  • creditUnknown

Introduced: 20 Mar 2008

CVE-2008-1394  (opens in a new tab)
CWE-255  (opens in a new tab)

How to fix?

Upgrade plone to version 3.0.0 or higher.

Overview

plone is a user friendly and extensible Content Management System running on top of Python and Zope.

Affected versions of this package are vulnerable to Information Exposure. It places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

References

CVSS Scores

version 3.1