Description
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Report
This issue was fixed in the following products:
- Red Hat Powertools 6.1 - RHSA-2000:052 (2000-08-11)
- Red Hat Powertools 6.2 - RHSA-2000:052 (2000-08-11)
Additional information
https://bugzilla.redhat.com/show_bug.cgi?id=1616508 security flaw
Related vulnerabilities
nvd
almost 25 years ago
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
github
more than 3 years ago
Zope does not properly restrict access to the getRoles method