CVE Vulnerabilities

CVE-2012-5487

Published: Sep 30, 2014 | Modified: Oct 01, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
8.5 HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
RedHat/V2
6 MODERATE
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V3
Ubuntu

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

Affected Software

Name Vendor Start Version End Version
Plone Plone * 4.2.2 (including)
Plone Plone 1.0 (including) 1.0 (including)
Plone Plone 1.0.1 (including) 1.0.1 (including)
Plone Plone 1.0.2 (including) 1.0.2 (including)
Plone Plone 1.0.3 (including) 1.0.3 (including)
Plone Plone 1.0.4 (including) 1.0.4 (including)
Plone Plone 1.0.5 (including) 1.0.5 (including)
Plone Plone 1.0.6 (including) 1.0.6 (including)
Plone Plone 2.0 (including) 2.0 (including)
Plone Plone 2.0.1 (including) 2.0.1 (including)
Plone Plone 2.0.2 (including) 2.0.2 (including)
Plone Plone 2.0.3 (including) 2.0.3 (including)
Plone Plone 2.0.4 (including) 2.0.4 (including)
Plone Plone 2.0.5 (including) 2.0.5 (including)
Plone Plone 2.1 (including) 2.1 (including)
Plone Plone 2.1.1 (including) 2.1.1 (including)
Plone Plone 2.1.2 (including) 2.1.2 (including)
Plone Plone 2.1.3 (including) 2.1.3 (including)
Plone Plone 2.1.4 (including) 2.1.4 (including)
Plone Plone 2.5 (including) 2.5 (including)
Plone Plone 2.5.1 (including) 2.5.1 (including)
Plone Plone 2.5.2 (including) 2.5.2 (including)
Plone Plone 2.5.3 (including) 2.5.3 (including)
Plone Plone 2.5.4 (including) 2.5.4 (including)
Plone Plone 2.5.5 (including) 2.5.5 (including)
Plone Plone 3.0 (including) 3.0 (including)
Plone Plone 3.0.1 (including) 3.0.1 (including)
Plone Plone 3.0.2 (including) 3.0.2 (including)
Plone Plone 3.0.3 (including) 3.0.3 (including)
Plone Plone 3.0.4 (including) 3.0.4 (including)
Plone Plone 3.0.5 (including) 3.0.5 (including)
Plone Plone 3.0.6 (including) 3.0.6 (including)
Plone Plone 3.1 (including) 3.1 (including)
Plone Plone 3.1.1 (including) 3.1.1 (including)
Plone Plone 3.1.2 (including) 3.1.2 (including)
Plone Plone 3.1.3 (including) 3.1.3 (including)
Plone Plone 3.1.4 (including) 3.1.4 (including)
Plone Plone 3.1.5.1 (including) 3.1.5.1 (including)
Plone Plone 3.1.6 (including) 3.1.6 (including)
Plone Plone 3.1.7 (including) 3.1.7 (including)
Plone Plone 3.2 (including) 3.2 (including)
Plone Plone 3.2.1 (including) 3.2.1 (including)
Plone Plone 3.2.2 (including) 3.2.2 (including)
Plone Plone 3.2.3 (including) 3.2.3 (including)
Plone Plone 3.3 (including) 3.3 (including)
Plone Plone 3.3.1 (including) 3.3.1 (including)
Plone Plone 3.3.2 (including) 3.3.2 (including)
Plone Plone 3.3.3 (including) 3.3.3 (including)
Plone Plone 3.3.4 (including) 3.3.4 (including)
Plone Plone 3.3.5 (including) 3.3.5 (including)
Plone Plone 4.0 (including) 4.0 (including)
Plone Plone 4.0.1 (including) 4.0.1 (including)
Plone Plone 4.0.2 (including) 4.0.2 (including)
Plone Plone 4.0.3 (including) 4.0.3 (including)
Plone Plone 4.0.4 (including) 4.0.4 (including)
Plone Plone 4.0.5 (including) 4.0.5 (including)
Plone Plone 4.0.6.1 (including) 4.0.6.1 (including)
Plone Plone 4.1 (including) 4.1 (including)
Plone Plone 4.1.4 (including) 4.1.4 (including)
Plone Plone 4.1.5 (including) 4.1.5 (including)
Plone Plone 4.1.6 (including) 4.1.6 (including)
Plone Plone 4.2 (including) 4.2 (including)
Plone Plone 4.2-a1 (including) 4.2-a1 (including)
Plone Plone 4.2-a2 (including) 4.2-a2 (including)
Plone Plone 4.2-b1 (including) 4.2-b1 (including)
Plone Plone 4.2-b2 (including) 4.2-b2 (including)
Plone Plone 4.2-rc1 (including) 4.2-rc1 (including)
Plone Plone 4.2-rc2 (including) 4.2-rc2 (including)
Plone Plone 4.2.0.1 (including) 4.2.0.1 (including)
Plone Plone 4.2.1 (including) 4.2.1 (including)
Plone Plone 4.2.1.1 (including) 4.2.1.1 (including)
Plone Plone 4.3 (including) 4.3 (including)

References