Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zodb | Zope | * | 3.8.1 (including) |
| Zodb | Zope | 3.8 (including) | 3.8 (including) |
| Zodb | Zope | 3.8.0 (including) | 3.8.0 (including) |
| Zodb | Ubuntu | dapper | * |
| Zodb | Ubuntu | hardy | * |
| Zodb | Ubuntu | intrepid | * |
| Zodb | Ubuntu | jaunty | * |
| Zodb | Ubuntu | upstream | * |
| Zope2.10 | Ubuntu | hardy | * |
| Zope2.10 | Ubuntu | intrepid | * |
| Zope2.10 | Ubuntu | jaunty | * |
| Zope2.10 | Ubuntu | upstream | * |
| Zope2.11 | Ubuntu | karmic | * |
| Zope2.8 | Ubuntu | dapper | * |
| Zope2.9 | Ubuntu | dapper | * |
| Zope2.9 | Ubuntu | hardy | * |
| Zope2.9 | Ubuntu | intrepid | * |
| Zope3 | Ubuntu | dapper | * |
| Zope3 | Ubuntu | hardy | * |
| Zope3 | Ubuntu | intrepid | * |
| Zope3 | Ubuntu | jaunty | * |