2 matches found
Improper Privilege Management
Zope and AccessControl are vulnerable to Improper Privilege Management. The vulnerability is due to anonymous users being able to delete user data in AccessControl.userfolder.UserFolder, potentially preventing privileged access. Users unable to upgrade can mitigate by adding dataroles = to...
PT-2024-34872 · Zope · Zope AccessControl
Name of the Vulnerable Software and Affected Versions: Zope AccessControl versions prior to 7.2
Description: The issue allows anonymous users to delete the user data maintained by an AccessControl.userfolder.UserFolder, which may prevent any privileged access.
Recommendations: For versions prior ...