CVE-2012-5491 plone

Package

Manager: pip
Name: plone
Vulnerable Version: >=0 <4.2.3 || >=4.3a0 <4.3b1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00319 (percentile 0.54366)

Details

Plone Information Disclosure

`z3c.form`, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.

Metadata

Created: 2022-05-17T04:32:26Z
Modified: 2024-10-11T20:45:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f8pg-wp5j-rjxx/GHSA-f8pg-wp5j-rjxx.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-f8pg-wp5j-rjxx
Finding: F038
Auto approve: 1