Headline
GHSA-cc2j-92jq-wgjg: eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu may contain hidden items, this may lead to information disclosure. We recommend that you install this Security Update as soon as possible.
To install, use Composer to update to one of the “Resolving versions” mentioned above, or apply this patch manually: https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c
High severity GitHub Reviewed Published May 15, 2024 to the GitHub Advisory Database • Updated May 15, 2024
Package
ezsystems/ezpublish-legacy (Composer)
Affected versions
>= 2011.0.0, < 2017.8.1.1
>= 5.4.0, < 5.4.10.1
>= 5.3.0, < 5.3.12.2
Patched versions
2017.8.1.1
5.4.10.1
5.3.12.2
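One way to check whether a project's `composer.lock` pins a version inside the affected ranges listed above. This is an added example, not part of the advisory or of eZ Publish; the function names are this example's own and the sample lock content is constructed.

```python
import json
import re

PACKAGE = "ezsystems/ezpublish-legacy"
# (first affected, first patched) pairs copied from the advisory's version lists.
AFFECTED = [
    ((2011, 0, 0), (2017, 8, 1, 1)),
    ((5, 4, 0), (5, 4, 10, 1)),
    ((5, 3, 0), (5, 3, 12, 2)),
]

def pad(v):
    """Pad to four numeric parts, the way Composer normalizes versions."""
    return tuple(v) + (0,) * (4 - len(v))

def parse_version(text):
    """Return a 4-part tuple, or None for branch aliases and suffixed versions."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){0,3})", text.strip())
    return pad(tuple(int(p) for p in m.group(1).split("."))) if m else None

def is_affected(version_text):
    """True/False for a plain numeric version, None when it cannot be compared."""
    v = parse_version(version_text)
    if v is None:
        return None
    return any(pad(lo) <= v < pad(hi) for lo, hi in AFFECTED)

def check_lock(lock_json):
    """Map each locked version of the package to its is_affected() verdict."""
    found = {}
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() == PACKAGE:
                found[pkg["version"]] = is_affected(pkg["version"])
    return found

# Constructed sample lock content (not taken from a real project).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "ezsystems/ezpublish-legacy", "version": "v5.4.10"},
    {"name": "example/other", "version": "1.0.0"},
]})

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not affected", None: "unknown, check manually"}
    for version, verdict in check_lock(SAMPLE_LOCK).items():
        print(f"{PACKAGE} {version}: {labels[verdict]}")
```

A `None` verdict (for example `dev-master` or a pre-release suffix) means the installed code has to be compared against the patch commit by hand.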