Lucene search

GitHub Advisory DatabaseGHSA-H2XH-JVPF-XQ42

HistoryApr 30, 2022 - 6:15 p.m.

Zope does not properly perform security registration for legacy names

2022-04-3018:15:07

CWE-287

GitHub Advisory Database

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Affected configurations

Vulners

Node

zopezopeRange≤2.2.4

CPENameOperatorVersion
zopele2.2.4

CPE	Name	Operator	Version
	zope	le	2.2.4

References

www.redhat.com/support/errata/RHSA-2000-125.html

www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert

github.com/advisories/GHSA-h2xh-jvpf-xq42

nvd.nist.gov/vuln/detail/CVE-2000-1211

web.archive.org/web/20010910131909/www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3

web.archive.org/web/20021227061438/www.iss.net/security_center/static/5824.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for GHSA-H2XH-JVPF-XQ42