CVE-2024-22889

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-22889

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22889.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-22889

Aliases

GHSA-xg5p-8wg5-rhxm

Published

2024-03-06T00:15:52.633Z

Modified

2025-11-15T15:39:32.459305Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.

References

https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9

Affected packages

Git / github.com/plone/plone

Affected ranges

Type: GIT
Repo: https://github.com/plone/plone
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

33c682d153dbc0e1a1eeba4ad16129abc6092cc1

Affected versions

4.*

4.1.0

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc1

4.1rc2

4.1rc3

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.3

4.3.1

4.3a1

4.3a2

4.3b1

4.3b2

5.*

5.0

5.0.1

5.0.2

5.0a2

5.0a3

5.0b1

5.0b3

5.0b4

5.0rc1

5.0rc2

5.0rc3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.2.0

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

6.*

6.0.0

6.0.0a1

6.0.0a1.dev0

6.0.0a2

6.0.0a3

6.0.0a4

6.0.0a5

6.0.0b1

6.0.0b2

6.0.0b3

6.0.0rc1

6.0.0rc2

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22889.json"