Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zope | Zope | 2.2.0 (including) | 2.2.0 (including) |
| Zope | Zope | 2.2.1 (including) | 2.2.1 (including) |
| Zope | Zope | 2.2.2 (including) | 2.2.2 (including) |
| Zope | Zope | 2.2.3 (including) | 2.2.3 (including) |
| Zope | Zope | 2.2.4 (including) | 2.2.4 (including) |
| Zope | Zope | 2.2.5 (including) | 2.2.5 (including) |
| Zope | Zope | 2.3.0 (including) | 2.3.0 (including) |
| Zope | Zope | 2.3.1 (including) | 2.3.1 (including) |
| Zope | Zope | 2.3.2 (including) | 2.3.2 (including) |
| Zope | Zope | 2.3.3 (including) | 2.3.3 (including) |
| Zope | Zope | 2.4.0 (including) | 2.4.0 (including) |
| Zope | Zope | 2.4.1 (including) | 2.4.1 (including) |
| Zope | Zope | 2.4.2 (including) | 2.4.2 (including) |
| Zope | Zope | 2.4.3 (including) | 2.4.3 (including) |
| Zope | Zope | 2.4.4b1 (including) | 2.4.4b1 (including) |
| Zope | Zope | 2.5.0 (including) | 2.5.0 (including) |
| Zope | Zope | 2.5.1b1 (including) | 2.5.1b1 (including) |
| Red Hat Powertools 7.0 | RedHat | * | |
| Red Hat Powertools 7.1 | RedHat | * |
References
- http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2
- http://www.iss.net/security_center/static/8334.php
- http://www.osvdb.org/5350
- http://www.redhat.com/support/errata/RHSA-2002-060.html
- http://www.securityfocus.com/bid/4229
- http://www.zope.org/Products/Zope/hotfixes/
- http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2
- http://www.iss.net/security_center/static/8334.php
- http://www.osvdb.org/5350
- http://www.redhat.com/support/errata/RHSA-2002-060.html
- http://www.securityfocus.com/bid/4229
- http://www.zope.org/Products/Zope/hotfixes/