The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2012/11/10/1 - | |
References | () https://bugs.launchpad.net/zope2/+bug/1079238 - | |
References | () https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt - | |
References | () https://plone.org/products/plone-hotfix/releases/20121106 - Patch | |
References | () https://plone.org/products/plone/security/advisories/20121106/05 - Vendor Advisory |
Information
Published : 2014-09-30 14:55
Updated : 2024-11-21 01:44
NVD link : CVE-2012-5489
Mitre link : CVE-2012-5489
CVE.ORG link : CVE-2012-5489
JSON object : View
Products Affected
zope
- zope
plone
- plone
CWE
CWE-264
Permissions, Privileges, and Access Controls