ezsystems/ezplatform-kernel Security Advisories for v1.3.0-beta1 (9)
- [MEDIUM] Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
  PKSA-3msp-xw4j-3xr3 GHSA-mwvh-p3hx-x4gg
  Affected version: >=1.3.0,<1.3.35
  Reported by: GitHub
- [LOW] Ibexa ezplatform-kernel download route allows filename change
  PKSA-z37x-rjqb-mt9j GHSA-gv2c-5g79-h73c
  Affected version: >=1.3.0,<1.3.34
  Reported by: GitHub
- [MEDIUM] Cross Site Scripting in eZ Platform Ibexa Kernel
  PKSA-7tm8-4ykx-ssbs CVE-2021-46875 GHSA-c737-jhwr-fqxj
  Affected version: >=1.3.0,<1.3.1.1|>=1.2.0,<1.2.5.1
  Reported by: GitHub
- [HIGH] Company admin role gives excessive privileges in eZ Platform Ibexa
  PKSA-c6tp-6n5r-v194 CVE-2022-48365 GHSA-qq2j-9pf8-g58c
  Affected version: >=1.3.0,<1.3.26
  Reported by: GitHub
- [LOW] Timing attack in eZ Platform Ibexa
  PKSA-8588-c24p-mwqr CVE-2022-48366 GHSA-66m4-gc8h-hpjx
  Affected version: >=1.3.0,<1.3.19
  Reported by: GitHub
- [CRITICAL] eZ Platform users with the Company admin role can assign any role to any user
  PKSA-5mhb-r9jf-ccp3 GHSA-8h83-chh2-fchp
  Affected version: >=1.3.0,<1.3.26
  Reported by: GitHub
- [CRITICAL] Login timing attack in ezsystems/ezplatform-kernel
  PKSA-ssmb-br6s-zrg7 GHSA-342c-vcff-2ff2
  Affected version: >=1.3.0,<1.3.19
  Reported by: GitHub
- [CRITICAL] Object state limitation has no effect
  PKSA-3cph-m8cm-pv53 GHSA-w8qp-hmh5-4v9v
  Affected version: >=1.3.0,<1.3.17
  Reported by: GitHub
- [MEDIUM] Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
  PKSA-1gmn-9nj3-8bp6 CVE-2022-25336 GHSA-x8xx-x82q-42q3
  Affected version: >=1.3.0,<1.3.12
  Reported by: GitHub