Summaryinfo

A vulnerability was found in Plone up to 1.0.5. It has been declared as problematic. Affected is an unknown function. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2012-5505. There is not any exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic was found in Plone up to 1.0.5 (Content Management System). This vulnerability affects some unknown processing. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.

The weakness was released 09/30/2014 (Website). The advisory is available at plone.org. This vulnerability was named CVE-2012-5505 since 10/24/2012. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

Upgrading to version 1.0.6 eliminates this vulnerability.

Entries connected to this vulnerability are available at VDB-11635, VDB-71688, VDB-71687 and VDB-71685. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Content Management System

Name

• Plone

Version

• 1.0.0
• 1.0.1
• 1.0.2
• 1.0.3
• 1.0.4
• 1.0.5

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion