CVE-2009-0669
HIGH 7.5 | EPSS 0.65%
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers
Published: 5/2/2022 | Modified: 11/19/2024
Description
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
Affected packages (2)
- PyPI/zodb3 from 0, < 3.8.2
- PyPI/zodb3 from 0, < 3.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (11)
- ADVISORY: http://secunia.com/advisories/36204
- ADVISORY: http://secunia.com/advisories/36205
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2009-0669
- ADVISORY: http://www.vupen.com/english/advisories/2009/2217
- PATCH: https://github.com/zopefoundation/ZODB3
- WEB: http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- WEB: http://osvdb.org/56826
- WEB: http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/52379
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-9.yaml
- WEB: http://www.securityfocus.com/bid/35987