CVE-2012-5505: Plone Information Disclosure
CVSS Score: 7.5 (CVSS v3.1)
Basic Information
CVE ID: CVE-2012-5505
GHSA ID:
EPSS Score: 0.54399%
CWE:
Published: 5/17/2022
Updated: 10/11/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| plone | pip | < 4.2.3 | 4.2.3 |
| Plone | pip | >= 4.3a0, < 4.3b1 | 4.3b1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability explicitly references atat.py as the source file, and the attack vector involves requests for views without a name. In Plone's architecture, views are typically implemented as classes with a __call__ method. The lack of validation of the view-name parameter in this handler would directly enable unauthorized data exposure. The association with CVE-2012-5505 in multiple advisories, together with the patched version 4.2.3, confirms this is the correct entry point.