CVE-2016-4042: Plone vulnerable to unauthorized disclosure of site content

May 17, 2022 (updated October 18, 2024)

Plone versions 3.3 before 4.3.10 and 5.x before 5.0.5 allow remote attackers to obtain information about the ID of sensitive content via unspecified vectors.

References

github.com/advisories/GHSA-v4vj-49m5-wjhw
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml
nvd.nist.gov/vuln/detail/CVE-2016-4042
plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content

Detect and mitigate CVE-2016-4042 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →