CVE-2012-5489
N/A
N/A
Summary
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://plone.org/products/plone/security/advisories/20121106/05
- https://bugs.launchpad.net/zope2/+bug/1079238
- https://plone.org/products/plone-hotfix/releases/20121106
References
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://plone.org/products/plone/security/advisories/20121106/05
- https://bugs.launchpad.net/zope2/+bug/1079238
- https://plone.org/products/plone-hotfix/releases/20121106
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.