ezsystems/ezpublish-kernel Security Advisories for v7.5.28 (5)
- [LOW] Download route allows filename change in eZpublish kernel
  PKSA-z67k-j82n-m783 GHSA-946c-f9w6-2c25
  Affected version: >=7.5.0,<7.5.31
  Reported by: GitHub
- [LOW] Timing attack in eZ Platform Ibexa
  PKSA-6zrh-817h-wc9b CVE-2022-48366 GHSA-66m4-gc8h-hpjx
  Affected version: >=7.5.0,<7.5.29
  Reported by: GitHub
- [HIGH] Company admin role gives excessive privileges in eZ Platform Ibexa
  PKSA-vyh4-xcqv-nk64 CVE-2022-48365 GHSA-qq2j-9pf8-g58c
  Affected version: >=7.5.0,<7.5.30
  Reported by: GitHub
- [CRITICAL] eZ Platform users with the Company admin role can assign any role to any user
  PKSA-c699-v1ks-dw56 GHSA-99r3-xmmq-7q7g
  Affected version: >=7.5.0,<7.5.30
  Reported by: GitHub
- [CRITICAL] Login timing attack in ezsystems/ezpublish-kernel
  PKSA-ns35-p1q3-5g4c GHSA-xfqg-p48g-hh94
  Affected version: >=7.5.0,<7.5.29
  Reported by: GitHub