CVE-2012-5489
Description
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.575
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Python-plone 4.2.3 | Windows |
| Multiple vulnerabilities are fixed in Python-plone 4.3b1 | Windows |
| Vulnerabilities CVE-2012-5489 are fixed in Python-zope2 2.12.21 | Windows |
| Vulnerabilities CVE-2012-5489 are fixed in Python-zope2 2.13.11 | Windows |
| Multiple vulnerabilities are fixed in Python-plone for linux 4.2.3 | Linux |
| Multiple vulnerabilities are fixed in Python-plone for linux 4.3b1 | Linux |
| Vulnerabilities CVE-2012-5489 are fixed in Python-zope2 for linux 2.12.21 | Linux |
| Vulnerabilities CVE-2012-5489 are fixed in Python-zope2 for linux 2.13.11 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234