CVE-2005-4851 — Improper Authentication in Publish

CWE-287 — Improper Authentication2 documents2 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 65.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EZ Publish

Timeline

PublishedDec 31

Latest updateMay 1

Description

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDez/ez_publish3.4.4 — 3.7

🔴Vulnerability Details

GHSA

GHSA-4v3v-2c52-v3v9: eZ publish 3↗2022-05-01

▶