Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html | Patch Vendor Advisory |
http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html | Patch |
http://www.debian.org/security/2000/20000821 | Vendor Advisory |
http://www.redhat.com/support/errata/RHSA-2000-052.html | |
http://www.securityfocus.com/bid/1577 | Patch Vendor Advisory |
http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2000-10-20 04:00
Updated : 2024-02-04 16:31
NVD link : CVE-2000-0725
Mitre link : CVE-2000-0725
CVE.ORG link : CVE-2000-0725
JSON object : View
Products Affected
zope
- zope
CWE