CVE-2002-0170
EPSS 0.74%Zope does not properly verify the access for objects with proxy roles
Published: 4/30/2022Modified: 2/12/2024
Description
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
Affected packages (1)
- PyPI/zope>= 2.2.0, < 2.4.4
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2002-0170
- PATCHhttps://github.com/zopefoundation/Zope
- WEBhttp://marc.info/?l=bugtraq&m=101503023511996&w=2
- WEBhttps://launchpad.net/zope2/+milestone/2.4.4
- WEBhttps://launchpad.net/zope2/+milestone/2.5.1
- WEBhttps://web.archive.org/web/20021120034302/http://online.securityfocus.com/bid/4229
- WEBhttps://web.archive.org/web/20070914020022/http://xforce.iss.net/xforce/xfdb/8334
- WEBhttp://www.redhat.com/support/errata/RHSA-2002-060.html