CVE-2016-4042
MEDIUMPlone 3.3-5.1a1 - Unauthorized Information Disclosure of Content IDs
Title source: llmDescription
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/04/20/2
Vendor Advisory x_refsource_confirm
https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
Scores
CVSS v3
5.3
EPSS
0.0112
EPSS Percentile
62.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (46)
plone/plone
3.3
plone/plone
3.3.1
plone/plone
3.3.2
plone/plone
3.3.3
plone/plone
3.3.4
plone/plone
3.3.5
plone/plone
3.3.6
plone/plone
4.0
plone/plone
4.0.1
plone/plone
4.0.2
... and 36 more
Published
Feb 24, 2017
Tracked Since
Feb 18, 2026