Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05Y21xLXBqNnAtaGd3Zs1Zrw
Zope does not properly restrict access to the getRoles method
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Permalink: https://github.com/advisories/GHSA-9cmq-pj6p-hgwf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Y21xLXBqNnAtaGd3Zs1Zrw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 8 months ago
Identifiers: GHSA-9cmq-pj6p-hgwf, CVE-2000-0725
References:
- https://nvd.nist.gov/vuln/detail/CVE-2000-0725
- http://www.debian.org/security/2000/20000821
- http://www.redhat.com/support/errata/RHSA-2000-052.html
- http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
- https://web.archive.org/web/20010219192346/http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
- https://web.archive.org/web/20010219192441/http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
- https://web.archive.org/web/20010228172804/http://www.securityfocus.com/bid/1577
- https://github.com/advisories/GHSA-9cmq-pj6p-hgwf
Affected Packages
pypi:zope
Dependent packages: 11
Dependent repositories: 113
Downloads: 46,314 last month
Affected Version Ranges: < 2.2.1
Fixed in: 2.2.1
All affected versions:
All unaffected versions: 4.1.1, 4.1.2, 4.1.3, 4.2.1, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.6.1, 4.6.2, 4.6.3, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.8.7, 4.8.8, 4.8.9, 4.8.10, 4.8.11, 5.1.1, 5.1.2, 5.2.1, 5.5.1, 5.5.2, 5.7.1, 5.7.2, 5.7.3, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6