CVE-2024-51734

Published: Nov 4, 2024

Modified: Jan 22, 2025

PUBLISHED

Description

Zope AccessControl provides a general security framework for use in Zope. In affected versions, anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder`, which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.

Vendor: zopefoundation

Product: AccessControl

Versions:
affected: Zope AccessControl < 7.2
affected: Zope bundle < 5.11.1

Weaknesses (CWE)
