GHSA-9CMQ-PJ6P-HGWF Zope does not properly restrict access to the getRoles method

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...

Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)

A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the reque...

CVE-2000-0725

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...

CVE-2000-0725

CVE-2000-0725 affects Zope prior to 2.2.1. The vulnerability arises in the getRoles method, where access is insufficiently restricted, allowing a user who can edit DTML to modify the roles list included in a request and thereby add or modify roles. The issue is described across multiple connected...