CVE-2016-4042

Name of the Vulnerable Software and Affected Versions Plone versions 3.3 through 5.1a1 Plone versions 5.x before 5.0.5 and 3.3 before 4.3.10 can be consolidated into the above range for simplicity, but to maintain precision: Plone versions 3.3 through 4.3.9 Plone versions 5.x before 5.0.5

Description The issue allows remote attackers to obtain information about the ID of sensitive content. The exact vectors used for this are not specified.

Recommendations For Plone versions 3.3 through 4.3.9, update to version 4.3.10 or later. For Plone versions 5.x before 5.0.5, update to version 5.0.5 or later. As a temporary workaround, consider restricting access to sensitive content until a patch is applied.