CVE-2009-0662: Moderate severity vulnerability that affects Products.PlonePAS

July 23, 2018 (updated June 6, 2026)

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

References

exchange.xforce.ibmcloud.com/vulnerabilities/50061
github.com/advisories/GHSA-pq3x-96c3-xgjg
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2009-17.yaml
nvd.nist.gov/vuln/detail/CVE-2009-0662

Code Behaviors & Features

Detect and mitigate CVE-2009-0662 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →