Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User data deletion by anoynmous users in Zope
Vulnerability Description
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Zope AccessControl 访问控制错误漏洞
Vulnerability Description
Zope AccessControl是Zope基金会的Zope中使用的通用安全框架。 Zope AccessControl 7.2之前版本存在访问控制错误漏洞,该漏洞源于攻击者可以删除由AccessControl.userfolder.UserFolder维护的用户数据,从而会阻止任何特权访问。
CVSS Information
N/A
Vulnerability Type
N/A