Lucene search
GoogleOSV:GHSA-V49X-8HVM-Q347HistoryMay 14, 2022 - 1:29 a.m.
Exposure of Sensitive Information in Apache Pluto
2022-05-1401:29:43
Google
osv.dev
4
0.924 High
EPSS
Percentile
99.0%
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.portals.pluto:pluto-container | eq | 3.0.0 |
Related
exploitpack
exploitpack
Apache Portals Pluto 3.0.0 - Remote Code Execution
2018-09-13 00:00:00
prion
prion
Design/Logic Flaw
2018-06-27 18:29:00
cvelist
cvelist
CVE-2018-1306
2018-06-27 00:00:00
nvd
nvd
CVE-2018-1306
2018-06-27 18:29:00
packetstorm
packetstorm
Apache Portals Pluto 3.0.0 Remote Code Execution
2018-09-14 00:00:00
zdt
zdt
Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit
2018-09-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Portals Pluto Remote Code Execution (CVE-2018-1306)
2018-09-16 00:00:00
veracode
veracode
Information Disclosure
2018-06-28 06:18:56
github
github
Exposure of Sensitive Information in Apache Pluto
2022-05-14 01:29:43
cve
cve
CVE-2018-1306
2018-06-27 18:29:00
exploitdb
exploitdb
Apache Portals Pluto 3.0.0 - Remote Code Execution
2018-09-13 00:00:00