2 matches found
Improper Privilege Management
Zope and AccessControl is vulnerable to Improper Privilege Management. The vulnerability is due to anonymous users being able to delete user data in AccessControl.userfolder.UserFolder, potentially preventing privileged access. Users unable to upgrade can mitigate by adding dataroles = to...
PT-2024-34872
Name of the Vulnerable Software and Affected Versions Zope AccessControl versions prior to 7.2 Description The issue allows anonymous users to delete the user data maintained by an AccessControl.userfolder.UserFolder, which may prevent any privileged access. Recommendations For versions prior to...