Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezplatform-kernel@1.3.26
Type composer
Namespace ezsystems
Name ezplatform-kernel
Version 1.3.26
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.3.34
Latest_non_vulnerable_version 7.5.26
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-veax-u5rr-4kbv
vulnerability_id VCID-veax-u5rr-4kbv
summary
Company admin role gives excessive privileges in eZ Platform Ibexa
Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect.

The role / assign policy is typically only given to administrators, which limits the scope in most cases, but please verify who has this policy in your installation. The fix ensures that subtree limitations are working as intended.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
reference_id
reference_type
scores
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
reference_id
reference_type
scores
url https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-48365
reference_id CVE-2022-48365
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-48365
4
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
reference_id GHSA-8h83-chh2-fchp
reference_type
scores
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
5
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
reference_id GHSA-99r3-xmmq-7q7g
reference_type
scores
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
6
reference_url https://github.com/advisories/GHSA-qq2j-9pf8-g58c
reference_id GHSA-qq2j-9pf8-g58c
reference_type
scores
url https://github.com/advisories/GHSA-qq2j-9pf8-g58c
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-kernel@1.3.26
purl pkg:composer/ezsystems/ezplatform-kernel@1.3.26
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.26
aliases CVE-2022-48365, GHSA-qq2j-9pf8-g58c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-veax-u5rr-4kbv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-kernel@1.3.26