CVE-2022-48367

Published: Mar 12, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-48367" target="_blank" rel="noopener"> CVE-2022-48367
GHSA: <a href="https://github.com/advisories/GHSA-h5v2-wrhp-5v35" target="_blank" rel="noopener"> GHSA-h5v2-wrhp-5v35
Severity: Critical
Exploit:

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.

CVSS v3:

CWEs:

Software	From	Fixed in
ibexa / kernel	4.1.0	4.1.4
ibexa / kernel	4.0.0	4.0.7
ibexa / digital_experience_platform	3.3.0	3.3.18
ibexa / digital_experience_platform	4.0.0	4.0.5
ibexa / digital_experience_platform	4.1.0	4.1.2
ibexa / ez_platform_kernel	1.3.0	1.3.17
ibexa / ez_platform_kernel	7.5.0	7.5.28
ibexa / fastly	4.0.0	4.0.5
ibexa / fastly	4.1.0	4.1.2
ibexa / ezplatform-http-cache-fastly	1.1.0	1.1.9
ibexa / ezplatform-http-cache-fastly	2.0.0	2.0.11
ezsystems / ezpublish-kernel	7.5.0	7.5.28