NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-51734

Summary	Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.
Publication Date	Nov. 5, 2024, 8:15 a.m.
Registration Date	Nov. 5, 2024, noon
Last Update	Nov. 6, 2024, 1:04 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-g5vw-3h65-2q3v
2	https://github.com/zopefoundation/AccessControl/issues/159

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html