CVE-2001-0128

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

Nessus

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2000-086.NASL
description: A potential security issue exists in versions of Zope up to and including 2.2.4. This issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they did not have editing privileges on the objects themselves. This update replaces the previous Zope update noted in MDKSA-2000:083.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61872
published: 2012-09-06
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/61872
title: Mandrake Linux Security Advisory : Zope (MDKSA-2000:086)

Redhat

advisories
rhsa
id: RHSA-2000:127