Unauthorized access of site content

Comments on private content were published

Versions affected

  • 5.1a2
  • 5.1a1
  • 5.0.6
  • 5.0.5
  • 5.0.4
  • 5.0.3
  • 5.0.2
  • 5.0.1
  • 5.0
  • 5.0rc3
  • 5.0rc2
  • 5.0rc1
  • 4.3.11
  • 4.3.10
  • 4.3.9
  • 4.3.8
  • 4.3.7
  • 4.3.6
  • 4.3.5
  • 4.3.4
  • 4.3.3
  • 4.3.2
  • 4.3.1
  • 4.3
  • 4.2.7
  • 4.2.6
  • 4.2.5
  • 4.2.4
  • 4.2.3
  • 4.2.2
  • 4.2.1
  • 4.2
  • 4.1.6
  • 4.1.5
  • 4.1.4
  • 4.1.3
  • 4.1.2
  • 4.1.1
  • 4.1

Vulnerability

Comments on private content were published. The practical impact is that users were able to read comments on private content in search results.

Current status

Patched

Credits

Discovered by

  • Nejc Zupan (niteoweb.com)

Fixed by

  • Plone Security Team

Coordinated by

  • Plone Security Team