CVE-2000-0725
CVSS 7.2 - HIGH
Description
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Affected Products
4| Vendor | Product | Version |
|---|---|---|
| zope | zope |
1.10.3
|
| zope | zope |
2.1.1
|
| zope | zope |
2.1.7
|
| zope | zope |
2.2_beta1
|
References
Weakness Types
NVD-CWE-Other
CVE Information
- CVE ID:
CVE-2000-0725- Published:
- 2000-10-20
- Modified:
- 2026-04-16
- CVSS Score:
- 7.2
- Severity:
- HIGH
- Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Vendors
zope
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL