GoogleOSV:GHSA-C3RP-4CJH-CP38Zope does not properly verify the access for objects with proxy roles
6.9 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.8%
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
References
marc.info/?l=bugtraq&m=101503023511996&w=2
www.redhat.com/support/errata/RHSA-2002-060.html
github.com/zopefoundation/Zope
launchpad.net/zope2/+milestone/2.4.4
launchpad.net/zope2/+milestone/2.5.1
nvd.nist.gov/vuln/detail/CVE-2002-0170
web.archive.org/web/20021120034302/online.securityfocus.com/bid/4229
web.archive.org/web/20070914020022/xforce.iss.net/xforce/xfdb/8334
Related
6.9 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.8%