CVE-2009-0669 – zodb3

Package

Manager: pip
Name: zodb3
Vulnerable Version: >=0 <3.8.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:N

EPSS: 0.0055 pctl0.66988

Details

Zope Object Database (ZODB) Authentication bypass in ZEO storage servers Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Metadata

Created: 2022-05-02T03:17:24Z
Modified: 2024-11-19T18:33:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5432-c996-hvhj/GHSA-5432-c996-hvhj.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-5432-c996-hvhj
Finding: F006
Auto approve: 1