ezsystems/ez-support-tools Failing access control in system info view
This Security Advisory is about a vulnerability in ezsystems/ez-support-tools v2.2, part of Ibexa DXP v3.2. Older versions are not affected. A user having insufficient permissions is able to access the system information tabs if they type in the direct link (the link is not shown in the menu). The "Setup / System info" policy should be required to access it, but only backend login is actually required. This means any …