GHSA-V49X-8HVM-Q347 Exposure of Sensitive Information in Apache Pluto

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

Information Disclosure

PortletV3AnnotatedDemo is susceptible to information disclosure. The vulnerability exists because it does not validate the file path information obtained from the file uploading, leaking configuration and sensitive information...

Design/Logic Flaw

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

Apache Pluto (Portals Pluto) 3.0.0, specifically the PortletV3AnnotatedDemo Multipart Portlet WAR, is affected. The root cause is failure to restrict path information during file uploads, leading to information disclosure of configuration data and other sensitive files. The CVE-2018-1306 entry in...