CVE-2022-48365
- Source
- https://cve.org/CVERecord?id=CVE-2022-48365
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48365.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48365
- Aliases
- Related
- Published
- 2023-03-12T05:15:11.917Z
- Modified
- 2026-03-15T14:45:39.277781Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
- References
-
- https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
- https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
- https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
- https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
Affected packages
Git / github.com/ezsystems/ezplatform
Affected ranges
Affected versions
2013.*
2013.4
5.*
5.2.0-beta1
Other
before_ezp_removal
before_merge
fieldtype-introduction
v2013.*
v2013.06.0
v2013.07.0
v2013.07.1
v2013.07.2
v2013.07.3
v2013.09.0
v2013.09.1
v2013.09.2
v2013.11.0
v2014.*
v2014.01.0
v2014.01.1
v2014.01.2
v2014.01.3
v2014.03.1
v2014.03.2
v2014.05.0
v2014.07.0
v2014.11.0
v2014.11.1
v2014.11.2
v2014.11.3
v2014.11.4
v2014.11.5
v5.*
v5.2.0-beta1
v6.*
v6.0.0
v6.0.0-alpha1
v6.0.0-alpha2
v6.0.0-alpha3
v6.0.0-alpha4
v6.0.0-alpha5
v6.0.0-alpha6
v6.0.0-alpha7
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-beta3
v6.0.0-beta4
v6.0.0-beta5
v6.0.0-beta6
v6.0.0-beta7
v6.0.0-beta8
v6.0.0-rc1
v6.1.0
v6.1.0-rc1
v6.1.1
v6.10.0
v6.10.0-beta1
v6.10.0-beta2
v6.10.0-beta3
v6.10.0-rc1
v6.10.0-rc2
v6.10.0-rc3
v6.10.1
v6.10.1-rc1
v6.11.0
v6.11.0-beta1
v6.11.0-rc1
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.4.1
v6.12.0
v6.12.0-beta1
v6.12.0-beta2
v6.12.0-rc1
v6.12.0.1
v6.12.1
v6.12.1-rc1
v6.12.1-rc2
v6.12.1-rc3
v6.12.1-rc4
v6.13.0
v6.13.0-beta1
v6.13.0-beta2
v6.13.0-rc1
v6.13.1
v6.13.1-rc1
v6.13.2
v6.13.2-rc1
v6.13.3
v6.13.3-beta1
v6.13.3-rc1
v6.13.4
v6.13.4-beta1
v6.13.4-rc1
v6.13.6
v6.13.6-rc1
v6.13.7-beta2
v6.13.8
v6.13.8-rc1
v6.2.0
v6.2.0-rc1
v6.2.0-rc2
v6.2.0-rc3
v6.2.0-rc4
v6.2.0-rc5
v6.2.1
v6.3.0
v6.3.0-beta1
v6.3.0-rc1
v6.3.0-rc2
v6.3.0-rc3
v6.3.1
v6.3.1-rc1
v6.3.2
v6.3.2-beta1
v6.3.2-beta2
v6.3.2-beta3
v6.3.2-rc1
v6.3.3
v6.3.3-rc1
v6.4.0
v6.4.0-beta1
v6.4.0-beta2
v6.4.0-rc1
v6.4.1
v6.4.1-rc1
v6.4.1-rc2
v6.4.2
v6.4.2-rc1
v6.5.0
v6.5.0-beta1
v6.5.0-rc1
v6.5.0-rc2
v6.5.0-rc3
v6.5.1
v6.5.1-rc1
v6.5.1.1
v6.5.2
v6.5.2-rc1
v6.5.2-rc2
v6.6.0
v6.6.0-beta1
v6.6.0-beta2
v6.6.0-rc1
v6.6.0-rc2
v6.6.1
v6.6.1-rc1
v6.6.1-rc2
v6.6.2
v6.6.2-rc1
v6.7.0
v6.7.0-beta1
v6.7.0-rc1
v6.7.0.2
v6.7.1
v6.7.1-rc1
v6.7.1-rc2
v6.7.10
v6.7.10-rc1
v6.7.2
v6.7.2-rc1
v6.7.3
v6.7.3-rc1
v6.7.4
v6.7.4-rc1
v6.7.4-rc2
v6.7.5
v6.7.5-rc1
v6.7.6
v6.7.6-rc1
v6.7.7
v6.7.7-beta1
v6.7.7-rc1
v6.7.7-rc2
v6.7.8
v6.7.8-rc1
v6.7.8-rc2
v6.8.0
v6.8.0-beta1
v6.8.0-rc1
v6.8.1
v6.8.1-rc1
v6.9.0
v6.9.0-beta1
v6.9.0-rc1
v6.9.1
v6.9.1-rc1
v6.9.1-rc2
v7.*
v7.0.0
v7.0.0-beta2
v7.0.0-beta3
v7.0.0-rc1
v7.0.1
v7.0.2
v7.0.2.1
v7.1.0
v7.1.0-beta1
v7.1.0-beta2
v7.1.0-rc1
v7.1.0-rc2
v7.1.1
v7.1.1-rc1
v7.2.0
v7.2.0-beta1
v7.2.0-rc1
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.3.0
v7.3.0-beta1
v7.3.0-rc1
v7.3.0-rc2
v7.3.1
v7.3.2
v7.3.3
v7.3.4
v7.3.5
v7.4.0
v7.4.0-beta1
v7.4.0-rc1
v7.4.1
v7.4.2
v7.4.3
v7.4.3-rc1
v7.4.4
v7.5.0-rc1
v7.5.0-rc2
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.28"
}
]
},
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.3"
}
]
},
{
"events": [
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.26"
}
]
},
{
"events": [
{
"introduced": "7.5.0"
},
{
"fixed": "7.5.30"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48365.json"