Filesystem path information leak

A vulnerability that allows remote attackers to obtain the path to a Plone installation

Versions affected

4.3.2
4.3.1
4.3
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0.10
4.0.9
4.0.8
4.0.7
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3

Vulnerability

A file object that points to documentation is initialised in class scope and not cleaned up. This object can be traversed to through the web, revealing the repr, including the path of the software installation. Responsible code is at: https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274

Current status

Patched

Credits

Discovered by

Richard Mitchell, of the Plone Security Team

Fixed by

Matthew Wilkes, of the Plone Security Team

Coordinated by

Plone Security Team

Contact

You can contact the security team confidentially by email at security@plone.org

More information

CVE Identifier

CVE-2013-7060

Type

Information leak

Severity

5.0 – medium
Vector	Network
Complexity	Low
Authentication	None
Confidentiality	Partial
Integrity	None
Availability	None

Timeline

Vulnerability reported: 2013-01-23
Hotfix released: 2013-12-10