Tres Seaver

**Name of the Vulnerable Software and Affected Versions** Zope versions prior to 2.12.21 Zope versions 2.13.x prior to 2.13.11 Plone versions prior to 4.2.3 Plone version 4.3 before beta 1 **Description** The issue allows remote authenticated users to gain access to restricted attributes via unspecified vectors. This is due to a problem in the `get request var or attr` function of `App.Undo.UndoSupport` in Zope, which is also used in Plone. **Recommendations** For Zope versions prior to 2.12.21, update to version 2.12.21 or later. For Zope versions 2.13.x prior to 2.13.11, update to version 2.13.11 or later. For Plone versions prior to 4.2.3, update to version 4.2.3 or later. For Plone version 4.3 before beta 1, update to beta 1 or later.