Lucene search
HistoryOct 03, 2022 - 4:22 p.m.
CVE-2005-4854
ez publish
security vulnerability
cve-2005-4854
remote authentication
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.1%
eZ publish 3.5 through 3.7 before 20050830 does not use a folder’s read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.
Affected configurations
Node
ezez_publishMatch3.5.0
ORezez_publishMatch3.5.1
ORezez_publishMatch3.5.2
ORezez_publishMatch3.5.3
ORezez_publishMatch3.5.4
ORezez_publishMatch3.5.5
ORezez_publishMatch3.5.6
ORezez_publishMatch3.5.7
ORezez_publishMatch3.5.8
ORezez_publishMatch3.5.9
ORezez_publishMatch3.5.10
ORezez_publishMatch3.5.11
ORezez_publishMatch3.6.0
ORezez_publishMatch3.6.1
ORezez_publishMatch3.6.2
ORezez_publishMatch3.6.3
ORezez_publishMatch3.6.4
ORezez_publishMatch3.6.5
ORezez_publishMatch3.6.6
ORezez_publishMatch3.6.7
ORezez_publishMatch3.6.8
ORezez_publishMatch3.6.9
ORezez_publishMatch3.6.10
ORezez_publishMatch3.6.11
ORezez_publishMatch3.6.12
ORezez_publishMatch3.7.0
ORezez_publishMatch3.7.1
ORezez_publishMatch3.7.2
ORezez_publishMatch3.7.3
ORezez_publishMatch3.7.4
ORezez_publishMatch3.7.5
ORezez_publishMatch3.7.6
ORezez_publishMatch3.7.7
ORezez_publishMatch3.7.8
ORezez_publishMatch3.7.9
ORezez_publishMatch3.7.10
ORezez_publishMatch3.7.11
ORezez_publishMatch3.7.12
Related
cvelist
cvelist
CVE-2005-4854
2022-10-03 16:22:45
ubuntucve
ubuntucve
CVE-2005-4854
2005-12-31 00:00:00
nvd
nvd
CVE-2005-4854
2005-12-31 05:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.1%
Related for CVE-2005-4854