{"id":"CVE-2022-48365","details":"An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.","aliases":["GHSA-qq2j-9pf8-g58c"],"modified":"2026-04-11T12:41:15.518437Z","published":"2023-03-12T05:15:11.917Z","related":["GHSA-8h83-chh2-fchp","GHSA-99r3-xmmq-7q7g"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.3.0"},{"fixed":"3.3.28"},{"introduced":"4.2.0"},{"fixed":"4.2.3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.3.0"},{"fixed":"1.3.26"},{"introduced":"7.5.0"},{"fixed":"7.5.30"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"},{"type":"ADVISORY","url":"https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"},{"type":"ADVISORY","url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"},{"type":"FIX","url":"https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ezsystems/ezplatform","events":[{"introduced":"3a472a38f0e0080d33a71120c1f2f4d578d27f1e"},{"fixed":"42e66cda1feb0d5d349aef620398bec06a57bda9"}],"database_specific":{"cpe":"cpe:2.3:a:ibexa:ez_platform:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.5.0"},{"fixed":"2.5.31"}],"source":"CPE_FIELD"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48365.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/ezsystems/ezpublish-kernel","events":[{"introduced":"0"},{"fixed":"957e67a08af2b3265753f9763943e8225ed779ab"}],"database_specific":{"source":"REFERENCES"}}],"versions":["2013.4","5.2.0-beta1","before_ezp_removal","before_merge","v2013.06.0","v2013.07.0","v2013.07.1","v2013.07.2","v2013.07.3","v2013.09.0","v2013.09.1","v2013.09.2","v2013.11.0","v2014.01.0","v2014.01.1","v2014.01.2","v2014.01.3","v2014.03.1","v2014.03.2","v2014.05.0","v2014.07.0","v2014.11.0","v2014.11.1","v2014.11.2","v2014.11.3","v2014.11.4","v2014.11.5","v5.2.0-beta1","v6.0.0","v6.0.0-alpha1","v6.0.0-alpha2","v6.0.0-alpha3","v6.0.0-alpha4","v6.0.0-alpha5","v6.0.0-alpha6","v6.0.0-alpha7","v6.0.0-beta1","v6.0.0-beta2","v6.0.0-beta3","v6.0.0-beta4","v6.0.0-beta5","v6.0.0-beta6","v6.0.0-beta7","v6.0.0-beta8","v6.0.0-rc1","v6.1.0","v6.1.0-rc1","v6.10.0-beta1","v6.11.0-beta1","v6.12.0","v6.12.0-beta1","v6.12.0-beta2","v6.12.0-rc1","v6.2.0","v6.2.0-rc1","v6.2.0-rc2","v6.2.0-rc3","v6.2.0-rc4","v6.2.0-rc5","v6.3.0","v6.3.0-beta1","v6.3.0-rc1","v6.3.0-rc2","v6.3.0-rc3","v6.4.0","v6.4.0-beta1","v6.4.0-beta2","v6.4.0-rc1","v6.5.0","v6.5.0-beta1","v6.5.0-rc1","v6.5.0-rc2","v6.5.0-rc3","v6.6.0-beta1","v6.6.0-beta2","v6.6.0-rc1","v6.7.0","v6.7.0-beta1","v6.7.0-rc1","v6.8.0-beta1","v6.9.0","v6.9.0-beta1","v6.9.0-rc1","v7.0.0-beta2","v7.1.0","v7.1.0-beta1","v7.1.0-beta2","v7.1.0-rc1","v7.1.0-rc2","v7.2.0","v7.2.0-beta1","v7.2.0-rc1","v7.2.1","v7.3.0","v7.3.0-beta1","v7.3.0-rc1","v7.3.0-rc2","v7.3.1","v7.4.0","v7.4.0-beta1","v7.4.0-rc1","v7.5.0-rc1","v7.5.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48365.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}