CVE-2024-51734

EUVD-2024-3250
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
zopeaccesscontrol
𝑥
< 7.2
ADP
zopeaccesscontrol
𝑥
< 5.11.1
ADP
Common Weakness Enumeration
References
https://github.com/zopefoundation/AccessControl/issues/159
https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-g5vw-3h65-2q3v