Access Control Mismanagement in eZ Publish Ibexa Kernel
CVE-2022-48367

9.8CRITICAL

Key Information:

Vendor: Ibexa
Status: Kernel; Digital Experience Platform; Ez Platform Kernel; Fastly
Vendor: CVE Published:; 12 March 2023

What is CVE-2022-48367?

An access control vulnerability has been identified in the eZ Publish Ibexa Kernel, specifically affecting versions prior to 7.5.28. This issue arises from improper handling of access controls based on object state, potentially allowing unauthorized access and manipulation of sensitive resources. Organizations utilizing this product should ensure they update to the latest version to mitigate the risks associated with this vulnerability.

References

https://developers.ibexa.co/security-advisories/ibexa-sa-...

https://github.com/ezsystems/ezpublish-kernel/security/ad...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2023
Vulnerability Reserved
Mar 12, 2023