← back
CVE-2012-5489

CVE-2012-5489

EPSS 1.3%
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.launchpad.net/zope2/+bug/1079238https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txthttps://plone.org/products/plone-hotfix/releases/20121106https://plone.org/products/plone/security/advisories/20121106/05http://www.openwall.com/lists/oss-security/2012/11/10/1