Plone and Zope2 vulnerable to unauthorized access to restricted attributes

🗓️ 23 Jul 2018 19:52:06Reported by GitHub Advisory DatabaseType

Plone and Zope2 vulnerable to unauthorized access to restricted attributes. App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2012-5489	30 Sep 201414:00	–	cve
Cvelist	CVE-2012-5489	30 Sep 201414:00	–	cvelist
EUVD	EUVD-2014-0049	7 Oct 202500:30	–	euvd
NVD	CVE-2012-5489	30 Sep 201414:55	–	nvd
OSV	GHSA-879R-7F3W-8JJ3 Plone and Zope2 vulnerable to unauthorized access to restricted attributes	23 Jul 201819:52	–	osv
OSV	PYSEC-2014-31	30 Sep 201414:55	–	osv
OSV	PYSEC-2014-74	30 Sep 201414:55	–	osv
Prion	Design/Logic Flaw	30 Sep 201414:55	–	prion
PyPA	PYSEC-2014-31	30 Sep 201414:55	–	pypa
PyPA	PYSEC-2014-74	30 Sep 201414:55	–	pypa

Vulners

Node

plone ploneRange4.3a1–4.3a2pip

plone ploneRange3.2.2–4.2.3pip

zope2Range2.13.0–2.13.11pip

zope2Range<2.12.21pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-5489
bugs	www.bugs.launchpad.net/zope2/+bug/1079238
github	www.github.com/advisories/GHSA-879r-7f3w-8jj3
github	www.github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
plone	www.plone.org/products/plone-hotfix/releases/20121106
plone	www.plone.org/products/plone/security/advisories/20121106/05
openwall	www.openwall.com/lists/oss-security/2012/11/10/1
github	www.github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml
github	www.github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml

11 Oct 2024 20:52Current

6.2Medium risk

Vulners AI Score6.2

CVSS 26.5

EPSS0.00575

CWE-863