CVE-2024-22889: Phone information disclosure vulnerability

March 6, 2024 (updated October 31, 2024)

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.

References

github.com/advisories/GHSA-xg5p-8wg5-rhxm
github.com/plone/Plone
github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9
nvd.nist.gov/vuln/detail/CVE-2024-22889

Code Behaviors & Features

Detect and mitigate CVE-2024-22889 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →