What is GHSA-pq3x-96c3-xgjg?

GHSA-pq3x-96c3-xgjg is a security advisory published by GitHub Security Advisories with Medium severity. Moderate severity vulnerability that affects Products.PlonePAS

Which CVE IDs does GHSA-pq3x-96c3-xgjg cover?

GHSA-pq3x-96c3-xgjg covers the following CVE IDs: CVE-2009-0662. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

Which products are affected by GHSA-pq3x-96c3-xgjg?

GHSA-pq3x-96c3-xgjg affects 1 product, including: pip/Products.PlonePAS:\u003e= 3, \u003c 3.9.

GHSA-pq3x-96c3-xgjgMedium

Moderate severity vulnerability that affects Products.PlonePAS

Vendor

GitHub Security Advisories

Published

July 23, 2018

Last Modified

June 6, 2026

🔗 CVE IDs covered (1)

CVE-2009-0662 →

📋 Description

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

🎯 Affected products1

pip/Products.PlonePAS:>= 3, < 3.9

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2009-0662
https://exchange.xforce.ibmcloud.com/vulnerabilities/50061
https://github.com/advisories/GHSA-pq3x-96c3-xgjg
http://osvdb.org/53975
http://plone.org/products/plone/security/advisories/cve-2009-0662
http://secunia.com/advisories/34840
http://www.securityfocus.com/bid/34664
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2009-17.yaml