Skip to content

Users with the Company admin role can assign any role to any user

Critical
glye published GHSA-99r3-xmmq-7q7g Nov 10, 2022

Package

composer ezsystems/ezpublish-kernel (Composer)

Affected versions

v7.5.*

Patched versions

v7.5.30

Description

Please see https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips

Severity

Critical

CVE ID

No known CVE

Weaknesses

No CWEs