Test Kennung:	1.3.6.1.4.1.25623.1.0.151104
Kategorie:	Web Servers
Titel:	Zope Information Disclosure Vulnerability (GHSA-8xv7-89vj-q48c)
Zusammenfassung:	Zope is prone to an information disclosure vulnerability; through Python's 'format' functionality.
Beschreibung:	Summary: Zope is prone to an information disclosure vulnerability through Python's 'format' functionality. Vulnerability Insight: Python's 'format' functionality allows someone controlling the format string to 'read' objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy restricted AccessControl variants _getattr_ and _getitem_. This can lead to critical information disclosure. Affected Software/OS: Zope version 4.8.8 and prior and version 5.x through 5.8.3. Solution: Update to version 4.8.9, 5.8.4 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-41050 https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9 https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.