Lucene search

GitHub Advisory DatabaseGHSA-J5CC-3H6R-JQH4

HistoryMay 03, 2022 - 3:06 a.m.

Zope DocumentTemplate package allows unauthenticated write

2022-05-0303:06:42

CWE-287

GitHub Advisory Database

github.com

zope 2.2

documenttemplate

remote attacker

modify

dtmldocuments

dtmlmethods

authorization

software

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.016

Percentile

87.4%

JSON

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.

Affected configurations

Vulners

Node

zopezopeRange≤2.2

VendorProductVersionCPE
zopezope*cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zope	zope	*	cpe:2.3:a:zope:zope::::::::

References

www.redhat.com/support/errata/RHSA-2000-038.html

www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert

exchange.xforce.ibmcloud.com/vulnerabilities/4716

github.com/advisories/GHSA-j5cc-3h6r-jqh4

nvd.nist.gov/vuln/detail/CVE-2000-0483

web.archive.org/web/20000819120649/archives.neohapsis.com/archives/bugtraq/2000-06/0144.html

web.archive.org/web/20000819123924/archives.neohapsis.com/archives/bugtraq/2000-07/0412.html

web.archive.org/web/20010702023709/www.securityfocus.com/bid/1354

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.016

Percentile

87.4%

JSON

Related for GHSA-J5CC-3H6R-JQH4