—

PYSEC-2014-66

Details

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 3.3 Fixed in: 4.3.3

Fix pip install --upgrade 'plone>=4.3.3'

References

https://plone.org/security/20131210/catalogue-exposure [WEB]
http://www.openwall.com/lists/oss-security/2013/12/12/3 [WEB]
http://www.openwall.com/lists/oss-security/2013/12/10/15 [WEB]