CVE-2009-0669 — Improper Authentication in Zodb

CWE-287 — Improper Authentication8 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 32.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zope Zodb

Timeline

PublishedAug 7

Latest updateMay 2

Description

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDzope/zodb3.8.1+2

Patches

Patch: pypi.python.org ↗Patch: pypi.python.org ↗

🔴Vulnerability Details

GHSA

Zope Object Database (ZODB) Authentication bypass in ZEO storage servers↗2022-05-02

▶

OSV

Zope Object Database (ZODB) Authentication bypass in ZEO storage servers↗2022-05-02

▶

OSV

CVE-2009-0669: Zope Object Database (ZODB) before 3↗2009-08-07

▶

📋Vendor Advisories

Ubuntu

Zope vulnerabilities↗2009-10-14

▶

Red Hat

zope: ZEO authentication bypass↗2009-08-06

▶

💬Community

Bugzilla

CVE-2009-0668 zope: ZEO arbitrary Python code execution in the context of server process↗2009-07-23

▶

Bugzilla

CVE-2009-0669 zope: ZEO authentication bypass↗2009-07-23

▶