Lucene search

[email protected]CVE-2005-4853

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4853

2022-10-0316:22:45

CWE-264

[email protected]

web.nvd.nist.gov

cve-2005-4853

ez publish

forum package

security vulnerability

remote authenticated users

edit permissions

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting’s owner, which allows remote authenticated users to edit arbitrary postings.

Affected configurations

NVD

Node

ezez_publishMatch3.5.0

ezez_publishMatch3.5.1

ezez_publishMatch3.5.2

ezez_publishMatch3.5.3

ezez_publishMatch3.5.4

CPENameOperatorVersion
ez:ez_publishez ez publisheq3.5.0
ez:ez_publishez ez publisheq3.5.1
ez:ez_publishez ez publisheq3.5.2
ez:ez_publishez ez publisheq3.5.3
ez:ez_publishez ez publisheq3.5.4

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	eq	3.5.0
ez:ez_publish	ez ez publish	eq	3.5.1
ez:ez_publish	ez ez publish	eq	3.5.2
ez:ez_publish	ez ez publish	eq	3.5.3
ez:ez_publish	ez ez publish	eq	3.5.4

References

ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

issues.ez.no/7052

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for CVE-2005-4853

ubuntucve1 nvd1 cvelist1