CVE-2024-51734— Zope AccessControl 访问控制错误漏洞

User data deletion by anoynmous users in Zope

Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.

N/A

访问控制不恰当

Zope AccessControl 访问控制错误漏洞

Zope AccessControl是Zope基金会的Zope中使用的通用安全框架。 Zope AccessControl 7.2之前版本存在访问控制错误漏洞，该漏洞源于攻击者可以删除由AccessControl.userfolder.UserFolder维护的用户数据，从而会阻止任何特权访问。

N/A

N/A