Security Advisories - ezsystems/ezpublish-kernel - Packagist

ezsystems/ezpublish-kernel Security Advisories for v7.5.15 (9)

Access control issue in ezsystems/ezpublish-kernel

CVE-2022-48367

Affected version: >=7.5.0,<7.5.28

Reported by:
GitHub
Timing attack in eZ Platform Ibexa

CVE-2022-48366

Affected version: >=7.5.0,<7.5.29

Reported by:
GitHub
Company admin role gives excessive privileges in eZ Platform Ibexa

CVE-2022-48365

Affected version: >=7.5.0,<7.5.30

Reported by:
GitHub
Cross Site Scripting in eZ Platform Ibexa Kernel

CVE-2021-46875

Affected version: >=7.5.0,<7.5.15.2|>=6.13.0,<6.13.8.2

Reported by:
GitHub
User account enumeration in eZ Publish Ibexa Kernel

CVE-2021-46876

Affected version: >=7.5.0,<7.5.15.1|>=6.13.0,<6.13.8.1

Reported by:
GitHub
eZ Platform users with the Company admin role can assign any role to any user

Affected version: >=7.5.0,<7.5.30

Reported by:
GitHub
Login timing attack in ezsystems/ezpublish-kernel

Affected version: >=7.5.0,<7.5.29

Reported by:
GitHub
Object state limitation has no effect

Affected version: >=7.5.0,<7.5.28

Reported by:
GitHub
Code injection in ezsystems/ezpublish-kernel

CVE-2022-25337

Affected version: >=7.5.0,<7.5.26

Reported by:
GitHub