CVE-2012-5489 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=3.2.2 <4.2.3 || >=4.3a1 <4.3b1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00575 (percentile 0.67784)
Details
Plone and Zope2 vulnerable to unauthorized access to restricted attributes

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Metadata
Created: 2018-07-23T19:52:06Z
Modified: 2024-10-11T20:52:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-879r-7f3w-8jj3/GHSA-879r-7f3w-8jj3.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-879r-7f3w-8jj3
Finding: F006
Auto approve: 1