CVE-2012-5489
MEDIUM6.5EPSS 0.57%Plone and Zope2 vulnerable to unauthorized access to restricted attributes
發布日:2018/7/23修改日:2024/10/14
描述
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
受影響套件(4)
- PyPI/plone>= 3.2.2, < 4.2.3
- PyPI/plonefrom 0, < 4.2.3, >= 4.3a0, < 4.3b1
- PyPI/zope2from 0, < 2.12.21
- PyPI/zope2from 0, < 2.12.21, >= 2.13, < 2.13.11
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
參考連結(9)
- ADVISORYhttps://github.com/advisories/GHSA-879r-7f3w-8jj3
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-5489
- WEBhttps://bugs.launchpad.net/zope2/+bug/1079238
- WEBhttps://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml
- WEBhttps://plone.org/products/plone-hotfix/releases/20121106
- WEBhttps://plone.org/products/plone/security/advisories/20121106/05
- WEBhttp://www.openwall.com/lists/oss-security/2012/11/10/1