9 matches found
Access Bypass
ezsystems/ezplatform is vulnerable to Access Bypass. The vulnerability is due to inadequate rewrite rules for blocking access to executable files in the var directory when using eZ Platform Cloud on Platform.sh...
eZ Platform Prevent accepting app.php in URL in Platform.sh
The recommended rewrite rules in eZ Platform prevent users from including the front-controller script normally "app.php" in URLs. This prevents certain vulnerabilities related to caching. However, this is not possible when using eZ Platform Cloud i.e. running eZ Platform on the Platform.sh cloud...
GHSA-QHJC-HG94-245V eZ Platform Prevent accepting app.php in URL in Platform.sh
The recommended rewrite rules in eZ Platform prevent users from including the front-controller script normally "app.php" in URLs. This prevents certain vulnerabilities related to caching. However, this is not possible when using eZ Platform Cloud i.e. running eZ Platform on the Platform.sh cloud...
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
GHSA-2RH5-JVGX-PGW3 Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
GHSA-GQCF-83RQ-GPFR Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
EZSA-2019-007 Prevent accepting app.php in URL in Platform.sh
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-007-prevent-accepting-app.php-in-url-in-platform.sh...
EZSA-2019-006 Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-006-rules-to-disable-executable-access-are-ignored-on-platform.sh-ez-cloud...