CVE-2000-0725

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.2_beta1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2000-10-20 04:00

Updated : 2024-02-04 16:31


NVD link : CVE-2000-0725

Mitre link : CVE-2000-0725

CVE.ORG link : CVE-2000-0725


JSON object : View

Products Affected

zope

  • zope