High severity · NVD Advisory · Published Oct 10, 2011 · Updated Apr 29, 2026
CVE-2011-4030
Description
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Plone (PyPI) | >= 4.0, < 4.0.10 | 4.0.10 |
| Plone (PyPI) | >= 4.1, < 4.1.1 | 4.1.1 |
| Plone (PyPI) | >= 4.2a1, < 4.2a3 | 4.2a3 |
Affected products
- cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- plone.org/products/plone-hotfix/releases/20110928 (nvd, Patch, WEB)
- plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip (nvd, Patch, WEB)
- pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 (nvd, Patch, WEB)
- github.com/advisories/GHSA-pwgm-jvqv-6v8p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-4030 (ghsa, ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-27.yaml (ghsa, WEB)
- secunia.com/advisories/46323 (nvd)
- www.securityfocus.com/bid/50287 (nvd)