CVE-2022-48365: eZ Platform Ibexa Kernel: Company admin role gives excessive privileges

GHSA-qq2j-9pf8-g58c CVE-2022-48365
Summary

The Company admin role in eZ Platform Ibexa Kernel grants too many permissions, potentially allowing unauthorized access to sensitive areas of the website. This puts the site's content and data at risk, so update to the latest version of the software to fix the issue.

What to do
  • Update ezsystems ezpublish-kernel to version 7.5.30.
  • Update ezsystems ezplatform-kernel to version 1.3.26.
Affected software
Ecosystem | Vendor | Product | Affected versions | Fix | CPE
composer | ezsystems | ezpublish-kernel | >= 7.5.0, < 7.5.30 | upgrade to 7.5.30 | -
composer | ezsystems | ezplatform-kernel | >= 1.3.0, < 1.3.26 | upgrade to 1.3.26 | -
- | ibexa | digital_experience_platform | >= 3.3.0, < 3.3.28; >= 4.2.0, < 4.2.3 | - | cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*
- | ibexa | ez_platform | >= 2.5.0, < 2.5.31 | - | cpe:2.3:a:ibexa:ez_platform:*:*:*:*:*:*:*:*
- | ibexa | ez_platform_kernel | >= 1.3.0, < 1.3.26; >= 7.5.0, < 7.5.30 | - | cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*
Original title
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
Original description
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
ghsa CVSS3.1 7.2
Vulnerability type
CWE-269 Improper Privilege Management
Published: 12 Mar 2023 · Updated: 15 Jun 2026 · First seen: 6 Mar 2026