CVE-2012-5489

🗓️ 30 Sep 2014 14:00:00Reported by redhatType

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11 allows remote authenticated users to gain access to restricted attributes via unspecified vectors

Reporter	Title	Published	Views	Family All 10
Cvelist	CVE-2012-5489	30 Sep 201414:00	–	cvelist
EUVD	EUVD-2014-0049	7 Oct 202500:30	–	euvd
Github Security Blog	Plone and Zope2 vulnerable to unauthorized access to restricted attributes	23 Jul 201819:52	–	github
NVD	CVE-2012-5489	30 Sep 201414:55	–	nvd
OSV	GHSA-879R-7F3W-8JJ3 Plone and Zope2 vulnerable to unauthorized access to restricted attributes	23 Jul 201819:52	–	osv
OSV	PYSEC-2014-31	30 Sep 201414:55	–	osv
OSV	PYSEC-2014-74	30 Sep 201414:55	–	osv
Prion	Design/Logic Flaw	30 Sep 201414:55	–	prion
PyPA	PYSEC-2014-31	30 Sep 201414:55	–	pypa
PyPA	PYSEC-2014-74	30 Sep 201414:55	–	pypa

NVD

Node

plone ploneRange≤4.2.2

plone ploneMatch1.0

plone ploneMatch1.0.1

plone ploneMatch1.0.2

plone ploneMatch1.0.3

plone ploneMatch1.0.4

plone ploneMatch1.0.5

plone ploneMatch1.0.6

plone ploneMatch2.0

plone ploneMatch2.0.1

plone ploneMatch2.0.2

plone ploneMatch2.0.3

plone ploneMatch2.0.4

plone ploneMatch2.0.5

plone ploneMatch2.1

plone ploneMatch2.1.1

plone ploneMatch2.1.2

plone ploneMatch2.1.3

plone ploneMatch2.1.4

plone ploneMatch2.5

plone ploneMatch2.5.1

plone ploneMatch2.5.2

plone ploneMatch2.5.3

plone ploneMatch2.5.4

plone ploneMatch2.5.5

plone ploneMatch3.0

plone ploneMatch3.0.1

plone ploneMatch3.0.2

plone ploneMatch3.0.3

plone ploneMatch3.0.4

plone ploneMatch3.0.5

plone ploneMatch3.0.6

plone ploneMatch3.1

plone ploneMatch3.1.1

plone ploneMatch3.1.2

plone ploneMatch3.1.3

plone ploneMatch3.1.4

plone ploneMatch3.1.5.1

plone ploneMatch3.1.6

plone ploneMatch3.1.7

plone ploneMatch3.2

plone ploneMatch3.2.1

plone ploneMatch3.2.2

plone ploneMatch3.2.3

plone ploneMatch3.3

plone ploneMatch3.3.1

plone ploneMatch3.3.2

plone ploneMatch3.3.3

plone ploneMatch3.3.4

plone ploneMatch3.3.5

plone ploneMatch4.0

plone ploneMatch4.0.1

plone ploneMatch4.0.2

plone ploneMatch4.0.3

plone ploneMatch4.0.4

plone ploneMatch4.0.5

plone ploneMatch4.0.6.1

plone ploneMatch4.1

plone ploneMatch4.1.4

plone ploneMatch4.1.5

plone ploneMatch4.1.6

plone ploneMatch4.2

plone ploneMatch4.2a1

plone ploneMatch4.2a2

plone ploneMatch4.2b1

plone ploneMatch4.2b2

plone ploneMatch4.2rc1

plone ploneMatch4.2rc2

plone ploneMatch4.2.0.1

plone ploneMatch4.2.1

plone ploneMatch4.2.1.1

plone ploneMatch4.3

Node

zope zopeRange≤2.13.10

zope zopeMatch2.5.1

zope zopeMatch2.6.1

zope zopeMatch2.6.4

zope zopeMatch2.7.0

zope zopeMatch2.7.3

zope zopeMatch2.7.4

zope zopeMatch2.7.5

zope zopeMatch2.7.6

zope zopeMatch2.7.7

zope zopeMatch2.7.8

zope zopeMatch2.8.1

zope zopeMatch2.8.4

zope zopeMatch2.8.6

zope zopeMatch2.8.8

zope zopeMatch2.9.2

zope zopeMatch2.9.3

zope zopeMatch2.9.4

zope zopeMatch2.9.5

zope zopeMatch2.9.6

zope zopeMatch2.9.7

zope zopeMatch2.10.3

zope zopeMatch2.10.8

zope zopeMatch2.11.0

zope zopeMatch2.11.1

zope zopeMatch2.11.2

zope zopeMatch2.11.3

zope zopeMatch2.13.0

zope zopeMatch2.13.1

zope zopeMatch2.13.2

zope zopeMatch2.13.3

zope zopeMatch2.13.4

zope zopeMatch2.13.5

zope zopeMatch2.13.6

zope zopeMatch2.13.7

zope zopeMatch2.13.8

zope zopeMatch2.13.9

Source	Link
plone	www.plone.org/products/plone-hotfix/releases/20121106
github	www.github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
bugs	www.bugs.launchpad.net/zope2/+bug/1079238
plone	www.plone.org/products/plone/security/advisories/20121106/05
openwall	www.openwall.com/lists/oss-security/2012/11/10/1

06 May 2026 22:30Current

6.5Medium risk

Vulners AI Score6.5

CVSS 26.5

EPSS0.00575

CWE-264