Описание
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Отчет
This issue was fixed in the following products:
- Red Hat Powertools 6.1 - RHSA-2000:052 (2000-08-11)
- Red Hat Powertools 6.2 - RHSA-2000:052 (2000-08-11)
Дополнительная информация
https://bugzilla.redhat.com/show_bug.cgi?id=1616508security flaw
EPSS
Процентиль: 17%
0.00055
Низкий
Связанные уязвимости
nvd
больше 25 лет назад
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
github
почти 4 года назад
Zope does not properly restrict access to the getRoles method
EPSS
Процентиль: 17%
0.00055
Низкий