CVE-2022-48365

CVSS V2 None CVSS V3 None

Description

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.

Overview

CVE ID
CVE-2022-48365

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2023-03-12T05:15:11

Last Modified Date
2023-03-16T18:14:19

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:ibexa:digital_experience_platform::::::::	1	OR	3.3.0	3.3.28
cpe:2.3:a:ibexa:digital_experience_platform::::::::	1	OR	4.2.0	4.2.3
cpe:2.3:a:ibexa:ez_platform::::::::	1	OR	2.5.0	2.5.31
cpe:2.3:o:ibexa:ez_platform_kernel::::::::	1	OR	1.3.0	1.3.26
cpe:2.3:o:ibexa:ez_platform_kernel::::::::	1	OR	7.5.0	7.5.30

References

Reference URL	Reference Tags
https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips	Vendor Advisory
https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp	Vendor Advisory
https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab	Patch
https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-48365
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48365

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 06:18:32				Added to TrackCVE
2023-04-17 06:18:34			Weakness Enumeration	new