CVE-2022-48365
- Source
- https://cve.org/CVERecord?id=CVE-2022-48365
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48365.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48365
- Aliases
- Related
- Published
- 2023-03-12T05:15:11.917Z
- Modified
- 2026-02-04T05:26:21.082690Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
- References
-
- https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
- https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
- https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
- https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab