Security
Headlines

Headlines Latest CVEs

Headline

GHSA-h5v2-wrhp-5v35: Access control issue in ezsystems/ezpublish-kernel

Access control based on object state is mishandled. This is a policy you can use in your roles to limit access to content based on specific object state values. Due to a flawed earlier update, these limitations were ineffective in releases made since February 16th 2022. They would grant access to the given content regardless of the object state. Depending on how your frontent is designed, knowing the URL to the content may or may not be required to access it. If you are using object state limitations in your roles, this issue is critical. Please apply the fix as soon as possible.

1 year ago

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
CVE-2022-48367

Access control issue in ezsystems/ezpublish-kernel

Critical severity GitHub Reviewed Published Mar 12, 2023 to the GitHub Advisory Database • Updated Mar 13, 2023

Package

composer ezsystems/ezpublish-kernel (Composer)

Affected versions

>= 7.5.0, < 7.5.28

Description

Published by the National Vulnerability Database

Mar 12, 2023

Published to the GitHub Advisory Database

Mar 12, 2023

Last updated

Mar 13, 2023

Related news

CVE-2022-48367: Ineffective object state limitation and Unauthenticated Fastly purge

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.

1 year ago

#vulnerability #git #auth

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection

19 hours ago

GHSA-8596-2jgr-ppj7: Amazon Redshift JDBC Driver vulnerable to SQL Injection

19 hours ago

GHSA-xx95-62h6-h7v3: lgsl Stored Cross-Site Scripting vulnerability

19 hours ago

GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

21 hours ago

GHSA-76h9-2vwh-w278: Apache MINA Deserialization RCE Vulnerability

2 days ago