← Back

Luci

luci

Vendor: Redhat • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2011-0720
2Plone
Redhat
3Conga
LuciPlone
Apr 29, 2026
Feb 3, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin...Show more
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.Show less
CVE-2010-3852
1Redhat
1Luci
Apr 29, 2026
Nov 6, 2010
N/A· v4
N/A· v3
6.4 MEDIUM· v2
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged...Show more
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie.Show less