Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
{ "nvd_published_at": "2024-03-06T00:15:52Z", "cwe_ids": [ "CWE-276" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-06T15:31:16Z" }