ezsystems/ezpublish-kernel Security Advisories for v7.5.29 (3)
-
[LOW] Download route allows filename change in eZpublish kernel
PKSA-z67k-j82n-m783 GHSA-946c-f9w6-2c25
Affected version: >=7.5.0,<7.5.31
Reported by:
GitHub -
[HIGH] Company admin role gives excessive privileges in eZ Platform Ibexa
PKSA-vyh4-xcqv-nk64 CVE-2022-48365 GHSA-qq2j-9pf8-g58c
Affected version: >=7.5.0,<7.5.30
Reported by:
GitHub -
[CRITICAL] eZ Platform users with the Company admin role can assign any role to any user
PKSA-c699-v1ks-dw56 GHSA-99r3-xmmq-7q7g
Affected version: >=7.5.0,<7.5.30
Reported by:
GitHub