High severity · NVD Advisory · Published Sep 30, 2014 · Updated Jun 16, 2026

CVE-2012-5489

Description

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package (ecosystem)    Affected versions       Patched versions
Zope2 (PyPI)           < 2.12.21               2.12.21
Zope2 (PyPI)           >= 2.13.0, < 2.13.11    2.13.11
Plone (PyPI)           >= 3.2.2, < 4.2.3       4.2.3
Plone (PyPI)           >= 4.3a1, < 4.3b1       4.3b1

Affected products

111
  • cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:* + 71 more
    • cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:* range: <=4.2.2
  • Zope/Zope (37 versions)
    cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:* + 36 more
    • cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:* range: <=2.13.10
  • ghsa-coords (2 versions)
    >= 3.2.2, < 4.2.3 + 1 more
    • (no CPE) range: >= 3.2.2, < 4.2.3
    • (no CPE) range: < 2.12.21
