Description

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Remediation

References

CVE-2012-5489

Related Vulnerabilities

Sqlite Out-of-bounds Read Vulnerability (CVE-2021-31239)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2)

MySQL CVE-2019-2681 Vulnerability (CVE-2019-2681)

WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)

Jenkins Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27901)

Severity

Medium

Classification

CVE-2012-5489 CWE-264

Tags

Missing Update Known Vulnerabilities