CVE-2000-0725: Zope does not properly restrict access to the getRoles method
(updated )
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
References
- www.debian.org/security/2000/20000821
- www.redhat.com/support/errata/RHSA-2000-052.html
- www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
- github.com/advisories/GHSA-9cmq-pj6p-hgwf
- nvd.nist.gov/vuln/detail/CVE-2000-0725
- web.archive.org/web/20010219192346/http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
- web.archive.org/web/20010219192441/http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
- web.archive.org/web/20010228172804/http://www.securityfocus.com/bid/1577
Detect and mitigate CVE-2000-0725 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →