Lucene search

[email protected]CVE-2005-4851

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4851

2022-10-0316:22:44

CWE-287

[email protected]

web.nvd.nist.gov

ez publish

security

permissions

xml

nvd

cve-2005-4851

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

Affected configurations

NVD

Node

ezez_publishRange3.4.4–3.7

CPENameOperatorVersion
ez:ez_publishez ez publishle3.7

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	le	3.7

References

ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

issues.ez.no/6841

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

Related for CVE-2005-4851

ubuntucve1 nvd1 cvelist1