Plone, an open source content management system, was found to be affected by a vulnerability that could allow remote attackers to obtain the path to a Plone installation. A file object that points to documentation is initialised in class scope and not cleaned up. This object can be traversed to through the web, revealing the repr, including the path of the software installation.

Responsible code:
https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274

References:
http://seclists.org/oss-sec/2013/q4/467
https://plone.org/security/20131210/path-leak
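The pattern described in the report, shown next to a hardened form and a check for leftover file handles on a class. This is an added illustration, not Plone's code: the class names, the sample file and the `leaked_file_attrs` helper are hypothetical, and it is written for Python 3.

```python
import io
import os
import tempfile

# Constructed stand-in for the documentation file inside an installation directory.
DOC_PATH = os.path.join(tempfile.mkdtemp(prefix="sample-install-"), "docs.stx")
with open(DOC_PATH, "w") as fh:
    fh.write("tool documentation")


class LeakyTool:
    """File object created in class scope and never removed."""
    f = open(DOC_PATH)   # 'f' becomes the class attribute LeakyTool.f
    docs = f.read()
    f.close()            # closed, but the object is still reachable as an attribute


class FixedTool:
    """Same load, but the handle does not survive as a class attribute."""
    with open(DOC_PATH) as _f:
        docs = _f.read()
    del _f               # remove the name from the class namespace


def leaked_file_attrs(cls):
    """Map each class attribute that is a file object to its repr.

    The repr of a file object includes the file name, which is how the
    installation path ends up visible if the attribute is ever rendered.
    """
    return {
        name: repr(value)
        for name, value in vars(cls).items()
        if isinstance(value, io.IOBase)
    }


if __name__ == "__main__":
    for cls in (LeakyTool, FixedTool):
        print(cls.__name__, leaked_file_attrs(cls) or "no file objects left on class")
```

Running a helper like this over the classes of a published object tree in a test suite catches the same mistake before it ships.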
Created plone tracking bugs for this issue: Affects: epel-5 [bug 1040380]
CVE Request: http://seclists.org/oss-sec/2013/q4/467
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.