CVE-2012-5489

First published: Tue Sep 30 2014(Updated: )

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Plone Plone	<=4.2.2
Plone Plone	=1.0
Plone Plone	=1.0.1
Plone Plone	=1.0.2
Plone Plone	=1.0.3
Plone Plone	=1.0.4
Plone Plone	=1.0.5
Plone Plone	=1.0.6
Plone Plone	=2.0
Plone Plone	=2.0.1
Plone Plone	=2.0.2
Plone Plone	=2.0.3
Plone Plone	=2.0.4
Plone Plone	=2.0.5
Plone Plone	=2.1
Plone Plone	=2.1.1
Plone Plone	=2.1.2
Plone Plone	=2.1.3
Plone Plone	=2.1.4
Plone Plone	=2.5
Plone Plone	=2.5.1
Plone Plone	=2.5.2
Plone Plone	=2.5.3
Plone Plone	=2.5.4
Plone Plone	=2.5.5
Plone Plone	=3.0
Plone Plone	=3.0.1
Plone Plone	=3.0.2
Plone Plone	=3.0.3
Plone Plone	=3.0.4
Plone Plone	=3.0.5
Plone Plone	=3.0.6
Plone Plone	=3.1
Plone Plone	=3.1.1
Plone Plone	=3.1.2
Plone Plone	=3.1.3
Plone Plone	=3.1.4
Plone Plone	=3.1.5.1
Plone Plone	=3.1.6
Plone Plone	=3.1.7
Plone Plone	=3.2
Plone Plone	=3.2.1
Plone Plone	=3.2.2
Plone Plone	=3.2.3
Plone Plone	=3.3
Plone Plone	=3.3.1
Plone Plone	=3.3.2
Plone Plone	=3.3.3
Plone Plone	=3.3.4
Plone Plone	=3.3.5
Plone Plone	=4.0
Plone Plone	=4.0.1
Plone Plone	=4.0.2
Plone Plone	=4.0.3
Plone Plone	=4.0.4
Plone Plone	=4.0.5
Plone Plone	=4.0.6.1
Plone Plone	=4.1
Plone Plone	=4.1.4
Plone Plone	=4.1.5
Plone Plone	=4.1.6
Plone Plone	=4.2
Plone Plone	=4.2-a1
Plone Plone	=4.2-a2
Plone Plone	=4.2-b1
Plone Plone	=4.2-b2
Plone Plone	=4.2-rc1
Plone Plone	=4.2-rc2
Plone Plone	=4.2.0.1
Plone Plone	=4.2.1
Plone Plone	=4.2.1.1
Plone Plone	=4.3
Zope Zope	<=2.13.10
Zope Zope	=2.5.1
Zope Zope	=2.6.1
Zope Zope	=2.6.4
Zope Zope	=2.7.0
Zope Zope	=2.7.3
Zope Zope	=2.7.4
Zope Zope	=2.7.5
Zope Zope	=2.7.6
Zope Zope	=2.7.7
Zope Zope	=2.7.8
Zope Zope	=2.8.1
Zope Zope	=2.8.4
Zope Zope	=2.8.6
Zope Zope	=2.8.8
Zope Zope	=2.9.2
Zope Zope	=2.9.3
Zope Zope	=2.9.4
Zope Zope	=2.9.5
Zope Zope	=2.9.6
Zope Zope	=2.9.7
Zope Zope	=2.10.3
Zope Zope	=2.10.8
Zope Zope	=2.11.0
Zope Zope	=2.11.1
Zope Zope	=2.11.2
Zope Zope	=2.11.3
Zope Zope	=2.13.0
Zope Zope	=2.13.1
Zope Zope	=2.13.2
Zope Zope	=2.13.3
Zope Zope	=2.13.4
Zope Zope	=2.13.5
Zope Zope	=2.13.6
Zope Zope	=2.13.7
Zope Zope	=2.13.8
Zope Zope	=2.13.9
pip/Plone	>=4.3a1<=4.3a2	4.3b1
pip/Plone	>=3.2.2<4.2.3	4.2.3
pip/Zope2	>=2.13.0<2.13.11	2.13.11
pip/Zope2	<2.12.21	2.12.21

Remedy

https://plone.org/products/plone-hotfix/releases/20121106

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/description
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-879r-7f3w-8jj3
alias/CVE-2012-5489
agent/software-canonical-lookup
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/softwarecombine
agent/event
collector/nvd-cve
source/NVD
agent/author
agent/tags
collector/github-advisory
vendor/plone
canonical/plone plone
version/plone plone/4.2.2
version/plone plone/1.0
version/plone plone/1.0.1
version/plone plone/1.0.2
version/plone plone/1.0.3
version/plone plone/1.0.4
version/plone plone/1.0.5
version/plone plone/1.0.6
version/plone plone/2.0
version/plone plone/2.0.1
version/plone plone/2.0.2
version/plone plone/2.0.3
version/plone plone/2.0.4
version/plone plone/2.0.5
version/plone plone/2.1
version/plone plone/2.1.1
version/plone plone/2.1.2
version/plone plone/2.1.3
version/plone plone/2.1.4
version/plone plone/2.5
version/plone plone/2.5.1
version/plone plone/2.5.2
version/plone plone/2.5.3
version/plone plone/2.5.4
version/plone plone/2.5.5
version/plone plone/3.0
version/plone plone/3.0.1
version/plone plone/3.0.2
version/plone plone/3.0.3
version/plone plone/3.0.4
version/plone plone/3.0.5
version/plone plone/3.0.6
version/plone plone/3.1
version/plone plone/3.1.1
version/plone plone/3.1.2
version/plone plone/3.1.3
version/plone plone/3.1.4
version/plone plone/3.1.5.1
version/plone plone/3.1.6
version/plone plone/3.1.7
version/plone plone/3.2
version/plone plone/3.2.1
version/plone plone/3.2.2
version/plone plone/3.2.3
version/plone plone/3.3
version/plone plone/3.3.1
version/plone plone/3.3.2
version/plone plone/3.3.3
version/plone plone/3.3.4
version/plone plone/3.3.5
version/plone plone/4.0
version/plone plone/4.0.1
version/plone plone/4.0.2
version/plone plone/4.0.3
version/plone plone/4.0.4
version/plone plone/4.0.5
version/plone plone/4.0.6.1
version/plone plone/4.1
version/plone plone/4.1.4
version/plone plone/4.1.5
version/plone plone/4.1.6
version/plone plone/4.2
version/plone plone/4.2-a1
version/plone plone/4.2-a2
version/plone plone/4.2-b1
version/plone plone/4.2-b2
version/plone plone/4.2-rc1
version/plone plone/4.2-rc2
version/plone plone/4.2.0.1
version/plone plone/4.2.1
version/plone plone/4.2.1.1
version/plone plone/4.3
vendor/zope
canonical/zope zope
version/zope zope/2.13.10
version/zope zope/2.5.1
version/zope zope/2.6.1
version/zope zope/2.6.4
version/zope zope/2.7.0
version/zope zope/2.7.3
version/zope zope/2.7.4
version/zope zope/2.7.5
version/zope zope/2.7.6
version/zope zope/2.7.7
version/zope zope/2.7.8
version/zope zope/2.8.1
version/zope zope/2.8.4
version/zope zope/2.8.6
version/zope zope/2.8.8
version/zope zope/2.9.2
version/zope zope/2.9.3
version/zope zope/2.9.4
version/zope zope/2.9.5
version/zope zope/2.9.6
version/zope zope/2.9.7
version/zope zope/2.10.3
version/zope zope/2.10.8
version/zope zope/2.11.0
version/zope zope/2.11.1
version/zope zope/2.11.2
version/zope zope/2.11.3
version/zope zope/2.13.0
version/zope zope/2.13.1
version/zope zope/2.13.2
version/zope zope/2.13.3
version/zope zope/2.13.4
version/zope zope/2.13.5
version/zope zope/2.13.6
version/zope zope/2.13.7
version/zope zope/2.13.8
version/zope zope/2.13.9
package-manager/pip

CVE-2012-5489

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact