Test ID:	1.3.6.1.4.1.25623.1.0.151104
Category:	Web Servers
Title:	Zope Information Disclosure Vulnerability (GHSA-8xv7-89vj-q48c)
Summary:	Zope is prone to an information disclosure vulnerability; through Python's 'format' functionality.
Description:	Summary: Zope is prone to an information disclosure vulnerability through Python's 'format' functionality. Vulnerability Insight: Python's 'format' functionality allows someone controlling the format string to 'read' objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy restricted AccessControl variants _getattr_ and _getitem_. This can lead to critical information disclosure. Affected Software/OS: Zope version 4.8.8 and prior and version 5.x through 5.8.3. Solution: Update to version 4.8.9, 5.8.4 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-41050 https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9 https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.