PT-2009-5090 · Zope · Zeo+1

Jim Fulton · Published 2009-09-08 · Updated 2022-05-02 · CVE-2009-2701

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Zope Object Database (ZODB) versions 3.8.0 through 3.8.2
Zope Object Database (ZODB) versions 3.9.x prior to 3.9.0c2

Description

The issue affects the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB). When certain ZEO database sharing and blob support are enabled, remote authenticated users can read or delete arbitrary files via unknown vectors.

Recommendations

For Zope Object Database (ZODB) versions 3.8.0 through 3.8.2, update to version 3.8.3 or later.
For Zope Object Database (ZODB) versions 3.9.x prior to 3.9.0c2, update to version 3.9.0c2 or later.

Fix


Related Identifiers

CVE-2009-2701
GHSA-M52M-2QPX-9J4J
PYSEC-2009-10

Affected Products

Zeo
Zodb