CVE-2022-48367

Access control issue in ezsystems/ezpublish-kernel in packagist/ezsystems/ezpublish-kernel

Identifiers

CVE-2022-48367, GHSA-5x4f-7xgq-r42x, GHSA-h5v2-wrhp-5v35

Package Slug

packagist/ezsystems/ezpublish-kernel

Vulnerability

Access control issue in ezsystems/ezpublish-kernel

Description

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.

Affected Versions

All versions starting from 3.3.0 before 3.3.18, all versions starting from 4.0.0 before 4.0.5, all versions starting from 4.1.0 before 4.1.2

Solution

Upgrade to version 5.0.0 or above.

Last Modified

2023-03-16

source