{
  "threat_severity" : "Moderate",
  "public_date" : "2012-11-06T00:00:00Z",
  "bugzilla" : {
    "description" : "(Plone): Partial restricted Python sandbox escape",
    "id" : "878961",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=878961"
  },
  "cvss" : {
    "cvss_base_score" : "3.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:S/C:P/I:P/A:N",
    "status" : "draft"
  },
  "details" : [ "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors." ],
  "statement" : "Not vulnerable. This issue did not affect the versions of luci (as provided by conga) as shipped with Red Hat Enterprise Linux 5.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "conga",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-5489\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5489" ],
  "name" : "CVE-2012-5489",
  "csaw" : false
}