ezsystems/ezplatform-kernel Security Advisories for v1.3.24 (4)
-
[MEDIUM] Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
PKSA-3msp-xw4j-3xr3 GHSA-mwvh-p3hx-x4gg
Affected version: >=1.3.0,<1.3.35
Reported by:
GitHub -
[LOW] Ibexa ezplatform-kernel download route allows filename change
PKSA-z37x-rjqb-mt9j GHSA-gv2c-5g79-h73c
Affected version: >=1.3.0,<1.3.34
Reported by:
GitHub -
[HIGH] Company admin role gives excessive privileges in eZ Platform Ibexa
PKSA-c6tp-6n5r-v194 CVE-2022-48365 GHSA-qq2j-9pf8-g58c
Affected version: >=1.3.0,<1.3.26
Reported by:
GitHub -
[CRITICAL] eZ Platform users with the Company admin role can assign any role to any user
PKSA-5mhb-r9jf-ccp3 GHSA-8h83-chh2-fchp
Affected version: >=1.3.0,<1.3.26
Reported by:
GitHub