Lucene search

GoogleOSV:GHSA-879R-7F3W-8JJ3

HistoryJul 23, 2018 - 7:52 p.m.

Moderate severity vulnerability that affects Plone and Zope2

2018-07-2319:52:06

Google

osv.dev

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%

JSON

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

CPENameOperatorVersion
zope2eq2.12.0
zope2eq2.12.16
zope2eq2.12.0a3
ploneeq4.0.2
ploneeq4.1.4
zope2eq2.13.10
ploneeq4.1
ploneeq4.1a1
ploneeq3.3
ploneeq4.3a2

Name	Operator	Version
zope2	eq	2.12.0
zope2	eq	2.12.16
zope2	eq	2.12.0a3
plone	eq	4.0.2
plone	eq	4.1.4
zope2	eq	2.13.10
plone	eq	4.1
plone	eq	4.1a1
plone	eq	3.3
plone	eq	4.3a2

Rows per page:

1-10 of 1031

References

www.openwall.com/lists/oss-security/2012/11/10/1

bugs.launchpad.net/zope2/+bug/1079238

github.com/advisories/GHSA-879r-7f3w-8jj3

github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

nvd.nist.gov/vuln/detail/CVE-2012-5489

plone.org/products/plone-hotfix/releases/20121106

plone.org/products/plone/security/advisories/20121106/05

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for OSV:GHSA-879R-7F3W-8JJ3