CVE-2016-4042

Published on: 02/24/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:57 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Certain versions of Plone (vendor: Plone) contain the following vulnerability:

Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.

  • CVE-2016-4042 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.3 - MEDIUM

| Attack Vector | Attack Complexity | Privileges Required | User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |

| Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|
| UNCHANGED | LOW | NONE | NONE |

CVSS2 Score: 5 - MEDIUM

| Access Vector | Access Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |

| Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|
| PARTIAL | NONE | NONE |

CVE References

| Description | Tags | Link |
|---|---|---|
| Unauthorized disclosure of site content — Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (plone.org, text/html) | Vendor Advisory | CONFIRM plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content |
| oss-security - Re: CVE Request: Unauthorized disclosure of site content - Plone (www.openwall.com, text/html) | Mailing List, Third Party Advisory | MLIST [oss-security] 20160419 Re: CVE Request: Unauthorized disclosure of site content - Plone |

Known Affected Configurations (CPE V2.3)

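| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Plone | Plone | 3.3 | All | All | All |
| Application | Plone | Plone | 3.3.1 | All | All | All |
| Application | Plone | Plone | 3.3.2 | All | All | All |
| Application | Plone | Plone | 3.3.3 | All | All | All |
| Application | Plone | Plone | 3.3.4 | All | All | All |
| Application | Plone | Plone | 3.3.5 | All | All | All |
| Application | Plone | Plone | 3.3.6 | All | All | All |
| Application | Plone | Plone | 4.0 | All | All | All |
| Application | Plone | Plone | 4.0.1 | All | All | All |
| Application | Plone | Plone | 4.0.10 | All | All | All |
| Application | Plone | Plone | 4.0.2 | All | All | All |
| Application | Plone | Plone | 4.0.3 | All | All | All |
| Application | Plone | Plone | 4.0.4 | All | All | All |
| Application | Plone | Plone | 4.0.5 | All | All | All |
| Application | Plone | Plone | 4.0.7 | All | All | All |
| Application | Plone | Plone | 4.0.8 | All | All | All |
| Application | Plone | Plone | 4.0.9 | All | All | All |
| Application | Plone | Plone | 4.1 | All | All | All |
| Application | Plone | Plone | 4.1.1 | All | All | All |
| Application | Plone | Plone | 4.1.2 | All | All | All |
| Application | Plone | Plone | 4.1.3 | All | All | All |
| Application | Plone | Plone | 4.1.4 | All | All | All |
| Application | Plone | Plone | 4.1.5 | All | All | All |
| Application | Plone | Plone | 4.1.6 | All | All | All |
| Application | Plone | Plone | 4.2 | All | All | All |
| Application | Plone | Plone | 4.2.1 | All | All | All |
| Application | Plone | Plone | 4.2.2 | All | All | All |
| Application | Plone | Plone | 4.2.3 | All | All | All |
| Application | Plone | Plone | 4.2.4 | All | All | All |
| Application | Plone | Plone | 4.2.5 | All | All | All |
| Application | Plone | Plone | 4.2.6 | All | All | All |
| Application | Plone | Plone | 4.2.7 | All | All | All |
| Application | Plone | Plone | 4.3 | All | All | All |
| Application | Plone | Plone | 4.3.1 | All | All | All |
| Application | Plone | Plone | 4.3.2 | All | All | All |
| Application | Plone | Plone | 4.3.3 | All | All | All |
| Application | Plone | Plone | 4.3.4 | All | All | All |
| Application | Plone | Plone | 4.3.5 | All | All | All |
| Application | Plone | Plone | 4.3.6 | All | All | All |
| Application | Plone | Plone | 4.3.7 | All | All | All |
| Application | Plone | Plone | 4.3.8 | All | All | All |
| Application | Plone | Plone | 4.3.9 | All | All | All |
| Application | Plone | Plone | 5.0 | All | All | All |
| Application | Plone | Plone | 5.0 | a1 | All | All |
| Application | Plone | Plone | 5.0 | rc1 | All | All |
| Application | Plone | Plone | 5.0 | rc2 | All | All |
| Application | Plone | Plone | 5.0 | rc3 | All | All |
| Application | Plone | Plone | 5.0.1 | All | All | All |
| Application | Plone | Plone | 5.0.2 | All | All | All |
| Application | Plone | Plone | 5.0.3 | All | All | All |
| Application | Plone | Plone | 5.0.4 | All | All | All |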
  • cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*: