CVE-2000-0725
EPSS 0.06%Zope does not properly restrict access to the getRoles method
Published: 4/30/2022Modified: 11/8/2023
Also known as:GHSA-9cmq-pj6p-hgwf
Description
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Affected packages (1)
- PyPI/zopefrom 0, < 2.2.1
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2000-0725
- WEBhttps://web.archive.org/web/20010219192346/http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
- WEBhttps://web.archive.org/web/20010219192441/http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
- WEBhttps://web.archive.org/web/20010228172804/http://www.securityfocus.com/bid/1577
- WEBhttp://www.debian.org/security/2000/20000821
- WEBhttp://www.redhat.com/support/errata/RHSA-2000-052.html
- WEBhttp://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert