Lucene search
HistoryMar 12, 2023 - 5:15 a.m.
CVE-2022-48367
cve-2022-48367
ez publish
ibexa kernel
access control
security issue
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.7%
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
Affected configurations
Node
ibexadigital_experience_platformRange3.3.0–3.3.18
ORibexadigital_experience_platformRange4.0.0–4.0.5
ORibexadigital_experience_platformRange4.1.0–4.1.2
ORibexaezplatform-http-cache-fastlyRange1.1.0–1.1.9
ORibexaezplatform-http-cache-fastlyRange2.0.0–2.0.11
ORibexafastlyRange4.0.0–4.0.5
ORibexafastlyRange4.1.0–4.1.2
ORibexaez_platform_kernelRange1.3.0–1.3.17
ORibexaez_platform_kernelRange7.5.0–7.5.28
ORibexakernelRange4.0.0–4.0.7
ORibexakernelRange4.1.0–4.1.4
Related
cvelist
cvelist
CVE-2022-48367
2023-03-12 00:00:00
osv
osv
Access control issue in ezsystems/ezpublish-kernel
2023-03-12 06:30:21
nvd
nvd
CVE-2022-48367
2023-03-12 05:15:12
prion
prion
Design/Logic Flaw
2023-03-12 05:15:00
github
github
Access control issue in ezsystems/ezpublish-kernel
2023-03-12 06:30:21
veracode
veracode
Improper Access Control
2023-03-17 03:01:24
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.7%
Related for CVE-2022-48367