[CRITICAL] Ibexa DXP users with the Company admin role can assign any role to any user

PKSA-z1sg-jk1v-79r5 GHSA-394j-x37r-2q27

Affected package: ibexa/core

Affected version: >=4.2.0,<4.2.3

Reported by:
GitHub