Description
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
Remediation
References
Related Vulnerabilities
WordPress Plugin 2kb Amazon Affiliates Store Cross-Site Scripting (2.1.0)
Oracle Database Server CVE-2011-0879 Vulnerability (CVE-2011-0879)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.6.2)
WordPress Plugin Rating-Widget:Star Review System Cross-Site Scripting (2.8.8)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)