CVE-2000-0725 – zope
Package
Manager: pip
Name: zope
Vulnerable Version: >=0 <2.2.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00055 (percentile: 0.17279)
Details
Zope does not properly restrict access to the getRoles method

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Metadata
Created: 2022-04-30T18:14:11Z
Modified: 2023-09-18T22:28:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-9cmq-pj6p-hgwf/GHSA-9cmq-pj6p-hgwf.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-9cmq-pj6p-hgwf
Finding: F039
Auto approve: 1