Zope Local Role Computation Error Privilege Escalation
Local Access Required
Attack Type Unknown
Loss of Confidentiality, Loss of Integrity
Zope contains a flaw that may allow a malicious user to gain unauthorized privileges. In some situations the local role computation did not climb the correct hierarchy of folders, so local roles were granted inappropriately. Exploitation of this issue could give a local user who holds privileges in one folder the same privileges specified in another folder. This flaw may lead to a loss of confidentiality and integrity.
Upgrade to version 2.2.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw with the following workaround: apply the hotfix from the vendor.