CVE-2024-51734
CVSS 3.1 Score 0 of 10 (low)
Details
Published Nov 4, 2024
Updated: Nov 5, 2024
CWE ID 284
Summary
CVE-2024-51734 is a vulnerability affecting Zope AccessControl, a security framework in Zope. In certain versions, anonymous users can delete user data maintained by an `AccessControl.userfolder.UserFolder`, potentially disrupting privileged access. The issue is remedied in version 7.2. For those unable to upgrade, adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder` is recommended as a temporary fix.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share