PT-2014-2320 · Plone Foundation · Plone

Alan Hoey

Publicado

2014-09-30

Atualizado

2022-05-17

CVE-2012-5493

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Plone versions prior to 4.2.3 Plone versions 4.3 before beta 1

Description The issue allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. This is related to the gtbn.py module.

Recommendations For Plone versions prior to 4.2.3, update to version 4.2.3 or later. For Plone versions 4.3 before beta 1, update to beta 1 or later. As a temporary workaround, consider restricting access to the gtbn.py module to minimize the risk of exploitation.

Correção

Protection Mechanism Failure

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-693CWE-94

Identificadores relacionados

CVE-2012-5493

GHSA-25JH-5H5R-H33M

PYSEC-2014-35

Produtos afetados

Plone

PT-2014-2320 · Plone Foundation · Plone

CVE-2012-5493

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10