{"id":"PYSEC-2009-17","details":"The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.","aliases":["CVE-2009-0662","GHSA-pq3x-96c3-xgjg"],"modified":"2026-05-21T15:00:25.704221160Z","published":"2009-04-23T17:30:01.640Z","references":[{"type":"WEB","url":"http://osvdb.org/53975"},{"type":"WEB","url":"http://www.securityfocus.com/bid/34664"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50061"},{"type":"ADVISORY","url":"http://secunia.com/advisories/34840"},{"type":"FIX","url":"http://plone.org/products/plone/security/advisories/cve-2009-0662"}],"affected":[{"package":{"name":"plone","ecosystem":"PyPI","purl":"pkg:pypi/plone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.0"},{"last_affected":"3.1"},{"last_affected":"3.2"},{"last_affected":"3.3"},{"last_affected":"3.4"},{"last_affected":"3.5"}]}],"versions":["3.2","3.3"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2009-17.yaml"}}],"schema_version":"1.7.5"}