| 0 |
|
| 1 |
|
| 2 |
| url |
VCID-29ju-364n-qkch |
| vulnerability_id |
VCID-29ju-364n-qkch |
| summary |
Content object state fetch functions open to SQL injection
### Impact
This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible.
### Patches
The fix is distributed via Composer, see "Patched versions". |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-jpwx-ffjq-wr4w, GMS-2021-112
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-29ju-364n-qkch |
|
| 3 |
| url |
VCID-2adj-kpzr-eycv |
| vulnerability_id |
VCID-2adj-kpzr-eycv |
| summary |
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy via the LegacyBridge.
Installations where all modules are disabled may be vulnerable to XSS injection in the module name. This is a rare configuration, but we still recommend installing the update, which adds the necessary input washing.
To install, use Composer to update to one of the "Resolving versions" mentioned above, or apply this patch manually:
https://github.com/ezsystems/ezpublish-legacy/commit/4697bff700e8cf95d5847ea19dad3479a77b02d9 |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-2vh3-cj9j-mcj5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2adj-kpzr-eycv |
|
| 4 |
| url |
VCID-a651-ayct-2fa1 |
| vulnerability_id |
VCID-a651-ayct-2fa1 |
| summary |
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge.
First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate a hash for the "forgot password" feature. This protects accounts against being taken over through attacks trying to predict the hash. If the increased randomness is not available in your PHP installation, it will now log a warning.
Second, it improves security of the information collector feature, by ensuring no collection emails will be sent from invalid manipulated forms.
Third, it stops the possible leaking of the names of content objects that should not be readable for certain users, on installations where these users can create or edit XML text.
Fourth, it protects against cross-site scripting (XSS) in the Matrix data type, on installations where users are allowed to edit content classes / content types.
We recommend that you install the security update as soon as possible.
To install, use Composer to update to one of the "Resolving versions" mentioned above, or apply these patches manually:
https://github.com/ezsystems/ezpublish-legacy/commit/917711eb7ffe2b52a3e9fe12505f6810a63696f7
https://github.com/ezsystems/ezpublish-legacy/commit/6db0e6b7739481f27d954548388bd3f0ed2c6fdd
https://github.com/ezsystems/ezpublish-legacy/commit/efcd2b61b15eaaf74e0ff28d6c723cf28e655dab
https://github.com/ezsystems/ezpublish-legacy/commit/f9ffaf590b63b4f552142cfd4441afbbfb3f19b1 |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-82rv-45pc-v28w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a651-ayct-2fa1 |
|
| 5 |
|
| 6 |
|
| 7 |
| url |
VCID-f41r-p9hu-hyhx |
| vulnerability_id |
VCID-f41r-p9hu-hyhx |
| summary |
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper.
**1. WEB SERVER CONFIGURATION**
The sample web server configuration in our documentation can in some cases allow the execution of uploaded PHP/PHAR code. This can be abused to allow priviledge escalation and breach of content access controls, among other things. Please ensure that your web server will not execute files in directories were files may be uploaded, such as web/var/ and ezpublish_legacy/var/
As an example, here is how you can make Apache return HTTP 403 Forbidden for a number of executable file types in your eZ Platform var directory. Please adapt it to your needs. It is then possible to enable logging of HTTP 403 in a separate log file if you wish, you could do this to see if someone is trying to abuse the server.
```
RewriteEngine On |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-pqjm-xcp8-wgmm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f41r-p9hu-hyhx |
|
| 8 |
| url |
VCID-gnad-89bk-x7cq |
| vulnerability_id |
VCID-gnad-89bk-x7cq |
| summary |
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu may contain hidden items, this may lead to information disclosure. We recommend that you install this Security Update as soon as possible.
To install, use Composer to update to one of the "Resolving versions" mentioned above, or apply this patch manually: https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-cc2j-92jq-wgjg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gnad-89bk-x7cq |
|
| 9 |
| url |
VCID-nfdt-99kp-xydy |
| vulnerability_id |
VCID-nfdt-99kp-xydy |
| summary |
XSS issue in search
There's a Cross-Site Scripting (XSS) vulnerability in the content/search module in eZ Publish legacy, which allows javascript to be injected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-1000431, GHSA-m98q-p5gq-q5ff
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nfdt-99kp-xydy |
|
| 10 |
| url |
VCID-rkq7-5cdy-k7d8 |
| vulnerability_id |
VCID-rkq7-5cdy-k7d8 |
| summary |
eZ Publish Legacy Passwordless login for LDAP users
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy.
Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may in rare cases be vulnerable to a failure of the standard login handler to verify passwords correctly, allowing unauthorised access.
If your installation has never used the LDAP or TextFile login handlers, or never used legacy login at all, then it is not affected. Still, we recommend installing the update, to be on the safe side.
To install, use Composer to update to one of the "Resolving versions" mentioned above, or apply this patch manually:
https://github.com/ezsystems/ezpublish-legacy/commit/13f03a2be6c0ee4d0caaafaef05904ea9b0c4d9d |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-p9mp-vq4v-v5m5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rkq7-5cdy-k7d8 |
|
| 11 |
|