CVE-2013-4189 Information

Description

Multiple unspecified vulnerabilities in (1) dataitems.py (2) get.py and (3) traverseName.py in Plone 2.1 through 4.1 4.2.x through 4.2.5 and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

Reference

http://plone.org/products/plone/security/advisories/20130618-announcement http://plone.org/products/plone-hotfix/releases/20130618 http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978450