products_genericsetup is vulnerable to information disclosure. The function _ensureSnapshotsFolder does not tighten the access-control permissions on setup tool log files and on snapshot files and folders, which allows anonymous visitors to view log and snapshot files.
CPE Name | Operator | Version |
---|---|---|
products.genericsetup | le | 2.1.0 |
www.openwall.com/lists/oss-security/2021/05/21/1
www.openwall.com/lists/oss-security/2021/05/22/1
github.com/advisories/GHSA-jff3-mwp3-f8cw
github.com/zopefoundation/Products.GenericSetup/commit/700319512b3615b3871a1f24e096cf66dc488c57
github.com/zopefoundation/Products.GenericSetup/security/advisories/GHSA-jff3-mwp3-f8cw
pypi.org/project/Products.GenericSetup/