PT-2017-8449 · Plone Foundation · Plone
Published
2017-02-24
·
Updated
2022-05-17
·
CVE-2016-4042
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Plone versions 3.3 through 5.1a1
Plone versions 5.x before 5.0.5 and 3.3 before 4.3.10 can be consolidated into the above range for simplicity, but to maintain precision:
Plone versions 3.3 through 4.3.9
Plone versions 5.x before 5.0.5
Description
The issue allows remote attackers to obtain information about the ID of sensitive content. The exact vectors used for this are not specified.
Recommendations
For Plone versions 3.3 through 4.3.9, update to version 4.3.10 or later.
For Plone versions 5.x before 5.0.5, update to version 5.0.5 or later.
As a temporary workaround, consider restricting access to sensitive content until a patch is applied.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plone