CVE-2012-5489

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Published: Sep 30, 2014
Updated: May 9, 2024
CVE: CVE-2012-5489
GHSA: GHSA-879r-7f3w-8jj3
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
plone / plone	3.3	3.3.x
plone / plone	1.0	1.0.x
plone / plone	4.2-a1	4.2-a1.x
plone / plone	4.0.5	4.0.5.x
plone / plone	3.0.1	3.0.1.x
plone / plone	1.0.3	1.0.3.x
plone / plone	3.0	3.0.x
plone / plone	3.2.3	3.2.3.x
plone / plone	3.1.4	3.1.4.x
plone / plone	3.1.5.1	3.1.5.1.x
plone / plone	4.2-b2	4.2-b2.x
plone / plone	4.2.0.1	4.2.0.1.x
plone / plone	2.1.4	2.1.4.x
plone / plone	4.0.2	4.0.2.x
plone / plone	4.2.1.1	4.2.1.1.x
plone / plone	3.3.5	3.3.5.x
plone / plone	3.0.6	3.0.6.x
plone / plone	2.5.4	2.5.4.x
plone / plone	3.2	3.2.x
plone / plone	3.1.1	3.1.1.x
plone / plone	4.3	4.3.x
plone / plone	2.1.1	2.1.1.x
plone / plone	3.3.4	3.3.4.x
plone / plone	2.0.3	2.0.3.x
plone / plone	1.0.4	1.0.4.x
plone / plone	4.2-b1	4.2-b1.x
plone / plone	3.3.2	3.3.2.x
plone / plone	4.2-rc2	4.2-rc2.x
plone / plone	2.0	2.0.x
plone / plone	4.1.6	4.1.6.x
plone / plone	4.0.4	4.0.4.x
plone / plone	3.1.7	3.1.7.x
plone / plone	2.5.1	2.5.1.x
plone / plone	4.1	4.1.x
plone / plone	2.5.3	2.5.3.x
plone / plone	3.2.2	3.2.2.x
plone / plone	2.0.4	2.0.4.x
plone / plone	2.1.2	2.1.2.x
plone / plone	1.0.1	1.0.1.x
plone / plone	3.0.3	3.0.3.x
plone / plone	3.3.1	3.3.1.x
plone / plone	4.2-a2	4.2-a2.x
plone / plone	3.0.4	3.0.4.x
plone / plone	4.1.4	4.1.4.x
plone / plone	2.0.1	2.0.1.x
plone / plone	2.0.2	2.0.2.x
plone / plone	3.1.2	3.1.2.x
plone / plone	3.2.1	3.2.1.x
plone / plone	4.0	4.0.x
plone / plone	1.0.2	1.0.2.x
plone / plone	2.0.5	2.0.5.x
plone / plone	4.1.5	4.1.5.x
plone / plone	3.0.5	3.0.5.x
plone / plone	4.0.6.1	4.0.6.1.x
plone / plone	2.5	2.5.x
plone / plone	1.0.6	1.0.6.x
plone / plone	4.2-rc1	4.2-rc1.x
plone / plone	2.5.2	2.5.2.x
plone / plone	4.0.1	4.0.1.x
plone / plone	3.0.2	3.0.2.x
plone / plone	2.1	2.1.x
plone / plone	3.1	3.1.x
plone / plone	-	4.2.2.x
plone / plone	3.3.3	3.3.3.x
plone / plone	2.1.3	2.1.3.x
plone / plone	3.1.6	3.1.6.x
plone / plone	3.1.3	3.1.3.x
plone / plone	4.0.3	4.0.3.x
plone / plone	1.0.5	1.0.5.x
plone / plone	2.5.5	2.5.5.x
plone / plone	4.2	4.2.x
plone / plone	4.2.1	4.2.1.x
zope / zope	2.8.8	2.8.8.x
zope / zope	2.10.8	2.10.8.x
zope / zope	2.7.0	2.7.0.x
zope / zope	2.13.9	2.13.9.x
zope / zope	2.11.1	2.11.1.x
zope / zope	2.11.3	2.11.3.x
zope / zope	2.9.2	2.9.2.x
zope / zope	2.13.0	2.13.0.x
zope / zope	2.7.6	2.7.6.x
zope / zope	2.9.4	2.9.4.x
zope / zope	2.9.5	2.9.5.x
zope / zope	2.7.5	2.7.5.x
zope / zope	2.11.2	2.11.2.x
zope / zope	2.13.7	2.13.7.x
zope / zope	2.11.0	2.11.0.x
zope / zope	2.13.2	2.13.2.x
zope / zope	2.7.3	2.7.3.x
zope / zope	2.13.4	2.13.4.x
zope / zope	2.8.6	2.8.6.x
zope / zope	2.13.1	2.13.1.x
zope / zope	2.9.7	2.9.7.x
zope / zope	2.7.4	2.7.4.x
zope / zope	2.9.6	2.9.6.x
zope / zope	2.13.8	2.13.8.x
zope / zope	-	2.13.10.x
zope / zope	2.13.3	2.13.3.x
zope / zope	2.13.5	2.13.5.x
zope / zope	2.9.3	2.9.3.x
zope / zope	2.10.3	2.10.3.x
zope / zope	2.8.1	2.8.1.x
zope / zope	2.6.4	2.6.4.x
zope / zope	2.8.4	2.8.4.x
zope / zope	2.7.8	2.7.8.x
zope / zope	2.13.6	2.13.6.x
zope / zope	2.7.7	2.7.7.x
zope / zope	2.5.1	2.5.1.x
zope / zope	2.6.1	2.6.1.x
Zope2	-	2.12.21
Zope2	2.13.0	2.13.11
plone	3.2.2	4.2.3
plone	4.3a1	4.3b1

Vulnerability Database

289,697

CVE-2012-5489