Filesystem path information leak

by matthewwilkes — published 2013/12/10 14:49:00 GMT+0, last modified 2016-08-30T16:36:47+00:00
A vulnerability that allows remote attackers to obtain the path to a Plone installation

Versions affected

  • 4.3.2
  • 4.3.1
  • 4.3
  • 4.2.7
  • 4.2.6
  • 4.2.5
  • 4.2.4
  • 4.2.3
  • 4.2.2
  • 4.2.1
  • 4.2
  • 4.1.6
  • 4.1.5
  • 4.1.4
  • 4.1.3
  • 4.1.2
  • 4.1.1
  • 4.1
  • 4.0.10
  • 4.0.9
  • 4.0.8
  • 4.0.7
  • 4.0.5
  • 4.0.4
  • 4.0.3
  • 4.0.2
  • 4.0.1
  • 4.0
  • 3.3.6
  • 3.3.5
  • 3.3.4
  • 3.3.3
  • 3.3.2
  • 3.3.1
  • 3.3

Vulnerability

A file object that points to documentation is initialised in class scope and not cleaned up. This object can be traversed to through the web, revealing the repr, including the path of the software installation. Responsible code is at: https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274

Current status

Patched

Credits

Discovered by

  • Richard Mitchell, of the Plone Security Team

Fixed by

  • Matthew Wilkes, of the Plone Security Team

Coordinated by

  • Plone Security Team