You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Hotfix-200400807 » Hotfix-20040807 Alert » View NewsItem

Log in
Name

Password

 

Hotfix-20040807 Alert

This hotfix repairs a failed permission check in OFS.CopySupport's cut-paste handling.

Overview

This hotfix addresses a security issue reported in CMF Collector #259 (http://zope.org/Collectors/CMF/259). This issue concerns a defective privilege check in the OFS.CopySupport module, which may permit unprivilieged (but authenticated) users of a site to move content into a folder under their control.

Affected Versions

This issue affects Zope version 2.7.2 and earlier, and has been resolved for Zope version 2.7.3 and later. Users of affected Zope versions should remove the hotfix after upgrading to version 2.7.3 or later.

Getting the Hotfix

The hotfix product is available from the zope.org site

Please see the README.txt for a description of the problem and installation directions for the hotfix.

Comment

Discussion icon Insufficient Privileges

Posted by: peterbe at 2004-08-11

Why do I get Insufficient Privileges when trying to access: http://zope.org/Collectors/CMF/259 ?