Partial permissions bypass

Can be used to access a subset of attributes of unpublished content items through a crafted URL, if that content's path is known.

This vulnerability allows anonymous users to determine a subset of content metadata about hidden objects by guessing partial values.

Information for security researchers

CVE Identifier: CVE-2012-5492
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Overall CVSS Score: 3.2
Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:O/RC:C)
CWE: CWE-749, CWE-306
Credit: Richard Mitchell (Plone Security Team)