Product: Plone CMS
Version: v6.0.9
Date found: 10.01.2024.
Date reported: 10.01.2024.
Vulnerability type: Incorrect Access Control.
CVE ID: CVE-2024-22889
Description: Due to incorect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
POC is coming soon:)