The object manager implementation (objectmanager.py) in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 does not properly restrict access to internal methods, which allows remote malicious users to obtain sensitive information via a crafted request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
plone plone 4.3 |
||
plone plone 4.3.1 |
||
plone plone 4.0.1 |
||
plone plone 4.0.6.1 |
||
plone plone 3.0 |
||
plone plone 3.0.2 |
||
plone plone 3.1 |
||
plone plone 3.1.2 |
||
plone plone 3.2.1 |
||
plone plone 3.2.3 |
||
plone plone 3.3.4 |
||
plone plone 2.5 |
||
plone plone 2.5.2 |
||
plone plone 2.1.1 |
||
plone plone 2.1.3 |
||
plone plone 4.0.2 |
||
plone plone 4.0.3 |
||
plone plone 4.0.4 |
||
plone plone 4.0.5 |
||
plone plone 3.1.4 |
||
plone plone 3.1.5.1 |
||
plone plone 3.1.6 |
||
plone plone 3.1.7 |
||
plone plone 2.5.3 |
||
plone plone 2.5.4 |
||
plone plone 2.5.5 |
||
plone plone 2.1 |
||
plone plone 3.0.3 |
||
plone plone 3.0.4 |
||
plone plone 3.0.5 |
||
plone plone 3.0.6 |
||
plone plone 3.3 |
||
plone plone 3.3.1 |
||
plone plone 3.3.2 |
||
plone plone 3.3.3 |
||
plone plone 4.0 |
||
plone plone 4.1 |
||
plone plone 3.0.1 |
||
plone plone 3.1.1 |
||
plone plone 3.1.3 |
||
plone plone 3.2 |
||
plone plone 3.2.2 |
||
plone plone 3.3.5 |
||
plone plone 2.5.1 |
||
plone plone 2.1.2 |
||
plone plone 2.1.4 |
||
plone plone 4.2.4 |
||
plone plone 4.2 |
||
plone plone 4.2.1 |
||
plone plone 4.2.2 |
||
plone plone 4.2.3 |
||
plone plone 4.2.5 |
Vulmon