Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-5489

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Related bugs and status

CVE-2012-5489 (Candidate) is related to these bugs:

Bug #1079238: App.Undo.UndoSupport.get_request_var_or_attr exposes attributes

Summary				In	Importance	Status
	1079238	App.Undo.UndoSupport.get_request_var_or_attr exposes attributes		Zope 2	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.openwall.co...
MISC: https://bugs.launchpad...
MISC: https://github.com/plo...
MISC: https://plone.org/prod...
MISC: https://plone.org/prod...