PT-2014-2320 · Plone Foundation · Plone
Alan Hoey
·
Published
2014-09-30
·
Updated
2022-05-17
·
CVE-2012-5493
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Plone versions prior to 4.2.3
Plone versions 4.3 before beta 1
Description
The issue allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. This is related to the
gtbn.py module.Recommendations
For Plone versions prior to 4.2.3, update to version 4.2.3 or later.
For Plone versions 4.3 before beta 1, update to beta 1 or later.
As a temporary workaround, consider restricting access to the
gtbn.py module to minimize the risk of exploitation.Fix
Protection Mechanism Failure
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Plone