漏洞标题
在Products.GenericSetup中,敏感信息可能会暴露给未经授权的演员。
漏洞描述信息
在Products.GenericSetup中,敏感信息可能会暴露给未经授权的演员。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
漏洞描述信息
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. The problem has been fixed in version 2.1.1. Depending on how you have installed Products.GenericSetup, you should change the buildout version pin to 2.1.1 and re-run the buildout, or if you used pip simply do pip install `"Products.GenericSetup>=2.1.1"`.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
信息暴露
漏洞标题
GenericSetup 信息泄露漏洞
漏洞描述信息
GenericSetup是开源的一个迷你框架,用于将Zope Site的配置状态表示为一组文件系统工件。 GenericSetup 2.1.1之前版本存在信息泄露漏洞,该漏洞源于允许匿名访问者可能会查看由通用安装工具生成的日志和快照文件。
CVSS信息
N/A
漏洞类别
信息泄露