@plone/volto is vulnerable to an authentication bypass. A remote attacker can get their own authentication cookie replaced with the authentication cookie of another user, which gives the attacker full access to the victim's account and privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | @plone/volto | le | 14.10.0 |