eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
References
Link | Resource |
---|---|
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 | Product |
http://issues.ez.no/6841 | Broken Link |
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 | Product |
http://issues.ez.no/6841 | Broken Link |
Configurations
History
21 Nov 2024, 00:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 - Product | |
References | () http://issues.ez.no/6841 - Broken Link |
Information
Published : 2005-12-31 05:00
Updated : 2024-11-21 00:05
NVD link : CVE-2005-4851
Mitre link : CVE-2005-4851
CVE.ORG link : CVE-2005-4851
JSON object : View
Products Affected
ez
- ez_publish
CWE
CWE-287
Improper Authentication