Description
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
References (2)
Core References
Product (x_refsource_confirm): http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0
Broken Link (x_refsource_confirm): http://issues.ez.no/6841
Scores
EPSS: 0.0088
EPSS Percentile: 54.6%
Details
CWE: CWE-287
Status: published
Products (1)
ez/ez_publish: 3.4.4 - 3.7
Published: Dec 31, 2005
Tracked Since: Feb 18, 2026