CVE-2002-0170 zope

Package

Manager: pip
Name: zope
Vulnerable Version: >=2.2.0 <2.4.4 || >=2.5.0 <2.5.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00743 (percentile: 0.7211)

Details

Zope does not properly verify the access for objects with proxy roles

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Metadata

Created: 2022-04-30T18:18:41Z
Modified: 2024-02-12T17:57:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-c3rp-4cjh-cp38/GHSA-c3rp-4cjh-cp38.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-c3rp-4cjh-cp38
Finding: F039
Auto approve: 1