CVE-2016-4042
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
Date published : 2017-02-24
https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content