CVE-2012-5493

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

Published Bysecalert@redhat.com

Published DateSep 30, 2014, 14:55

Affected Versions(2)

Plone(PyPI)

Introduced0

Fixed4.2.3

LimitN/A

Plone(PyPI)

Introduced4.3a0

Fixed4.3b1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
Plone(PyPI)	0	4.2.3	N/A
Plone(PyPI)	4.3a0	4.3b1	N/A

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

8.5

Vector String

AV:N/AC:M/Au:S/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE

References

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

8.5

Vector String

AV:N/AC:M/Au:S/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE