ID CVE-2012-5487Type cveReporter NVDModified 2014-10-01T10:28:43
Description
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "published": "2014-09-30T10:55:05", "cvelist": ["CVE-2012-5487"], "title": "CVE-2012-5487", "objectVersion": "1.2", "type": "cve", "hash": "e2f40e113c1d5728e06bb5076e8e3897ff4cb5ac917393e0c02f2d4d46f7a91d", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5487", "bulletinFamily": "NVD", "id": "CVE-2012-5487", "history": [], "scanner": [], "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "modified": "2014-10-01T10:28:43", "viewCount": 0, "cpe": ["cpe:/a:plone:plone:3.1.5.1", "cpe:/a:plone:plone:2.5.3", "cpe:/a:plone:plone:3.3.5", "cpe:/a:plone:plone:2.0.1", "cpe:/a:plone:plone:4.2:a2", "cpe:/a:plone:plone:1.0", "cpe:/a:plone:plone:4.2:rc1", "cpe:/a:plone:plone:3.0", "cpe:/a:plone:plone:4.2:a1", "cpe:/a:plone:plone:4.0.5", "cpe:/a:plone:plone:1.0.1", "cpe:/a:plone:plone:4.0.2", "cpe:/a:plone:plone:2.5.2", "cpe:/a:plone:plone:4.2.1.1", "cpe:/a:plone:plone:2.5.4", "cpe:/a:plone:plone:4.0", "cpe:/a:plone:plone:3.0.1", "cpe:/a:plone:plone:3.0.2", "cpe:/a:plone:plone:3.2", "cpe:/a:plone:plone:3.0.6", "cpe:/a:plone:plone:1.0.4", "cpe:/a:plone:plone:3.3.1", "cpe:/a:plone:plone:4.0.3", "cpe:/a:plone:plone:2.0.5", "cpe:/a:plone:plone:4.0.4", "cpe:/a:plone:plone:4.2.2", "cpe:/a:plone:plone:2.0", "cpe:/a:plone:plone:4.3", "cpe:/a:plone:plone:3.2.1", "cpe:/a:plone:plone:3.1.6", "cpe:/a:plone:plone:4.2:b1", "cpe:/a:plone:plone:3.3", "cpe:/a:plone:plone:3.3.3", "cpe:/a:plone:plone:3.2.3", "cpe:/a:plone:plone:4.2.1", "cpe:/a:plone:plone:3.0.5", "cpe:/a:plone:plone:4.2", "cpe:/a:plone:plone:2.5.5", "cpe:/a:plone:plone:4.0.1", "cpe:/a:plone:plone:2.1.3", "cpe:/a:plone:plone:3.1.2", "cpe:/a:plone:plone:4.2:rc2", "cpe:/a:plone:plone:1.0.5", "cpe:/a:plone:plone:2.5.1", "cpe:/a:plone:plone:3.1.7", "cpe:/a:plone:plone:2.1.2", "cpe:/a:plone:plone:3.1.3", "cpe:/a:plone:plone:4.1.4", "cpe:/a:plone:plone:3.3.2", "cpe:/a:plone:plone:2.0.2", "cpe:/a:plone:plone:3.1", "cpe:/a:plone:plone:2.1", "cpe:/a:plone:plone:4.2.0.1", "cpe:/a:plone:plone:3.3.4", "cpe:/a:plone:plone:4.1", "cpe:/a:plone:plone:1.0.2", "cpe:/a:plone:plone:3.2.2", "cpe:/a:plone:plone:1.0.6", "cpe:/a:plone:plone:3.1.1", "cpe:/a:plone:plone:1.0.3", "cpe:/a:plone:plone:2.0.3", "cpe:/a:plone:plone:4.2:b2", "cpe:/a:plone:plone:4.1.5", "cpe:/a:plone:plone:4.1.6", "cpe:/a:plone:plone:2.0.4", "cpe:/a:plone:plone:3.0.3", "cpe:/a:plone:plone:2.5", "cpe:/a:plone:plone:2.1.1", "cpe:/a:plone:plone:2.1.4", "cpe:/a:plone:plone:4.0.6.1", "cpe:/a:plone:plone:3.1.4", "cpe:/a:plone:plone:3.0.4"], "edition": 1, "description": "The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.", "references": ["http://www.openwall.com/lists/oss-security/2012/11/10/1", "https://plone.org/products/plone-hotfix/releases/20121106", "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "https://plone.org/products/plone/security/advisories/20121106/03"], "lastseen": "2016-09-03T17:15:46", "assessment": {"system": "", "name": "", "href": ""}}
{}
