CVE-2011-4030 Information

Description

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9 4.1 and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable which allows remote attackers to access sub-objects via unspecified vectors a different vulnerability than CVE-2011-3587.

Reference

http://plone.org/products/plone-hotfix/releases/20110928 http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 http://secunia.com/advisories/46323 http://www.securityfocus.com/bid/50287