Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.
CVSS
No CVSS.
References
Configurations
No configuration.
History
22 Jan 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
Information
Published : 2024-11-04 23:15
Updated : 2025-01-22 20:15
NVD link : CVE-2024-51734
Mitre link : CVE-2024-51734
CVE.ORG link : CVE-2024-51734
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control