GHSA-9wwx-c723-vm8x

Source
https://github.com/advisories/GHSA-9wwx-c723-vm8x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-9wwx-c723-vm8x/GHSA-9wwx-c723-vm8x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9wwx-c723-vm8x
Published
2024-05-15T21:17:31Z
Modified
2024-11-29T05:35:46.897085Z
Summary
eZ Platform REST API returns list of all SiteAccesses
Details

This security advisory fixes a vulnerability in eZ Platform, and we recommend that you install the fix as soon as possible. The issue is that the REST API may be made to disclose the names of all available site accesses. The severity of this depends on your installation; please consider your response accordingly.

To install, use Composer to update "ezsystems/ezpublish-kernel" to one of the "Resolving versions" mentioned above, or apply this patch manually: https://github.com/ezsystems/ezpublish-kernel/commit/1551723ec134878a4cb598bfc5d900ba6164117a

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T21:17:31Z"
}
Affected packages

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.3.0
Fixed
7.3.2.1

Affected versions

v7.*

v7.3.0
v7.3.1
v7.3.2

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.2.4.1

Affected versions

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.0.2.1
v7.0.2.2
v7.0.2.3
v7.1.0-beta1
v7.1.0-beta2
v7.1.0-rc1
v7.1.0-rc2
v7.1.0
v7.1.0.1
v7.1.0.2
v7.1.1-rc1
v7.1.1
v7.1.1.1
v7.2.0-beta1
v7.2.0-rc1
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.2.4

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.13.5.1

Affected versions

v6.*

v6.8.0
v6.8.1-rc1
v6.8.1
v6.9.0-beta1
v6.9.0-rc1
v6.9.0
v6.9.1-rc1
v6.9.1-rc2
v6.9.1
v6.10.0-beta1
v6.10.0-beta2
v6.10.0-beta3
v6.10.0-rc1
v6.10.0-rc2
v6.10.0-rc3
v6.10.0
v6.10.1-rc1
v6.10.1
v6.11.0-beta1
v6.11.0-rc1
v6.11.0
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.4.1
v6.12.0-beta1
v6.12.0-beta2
v6.12.0-rc1
v6.12.0
v6.12.0.1
v6.12.0.2
v6.12.1-rc1
v6.12.1-rc2
v6.12.1-rc3
v6.12.1-rc4
v6.12.1
v6.12.1.1
v6.13.0-beta1
v6.13.0-beta2
v6.13.0-rc1
v6.13.0
v6.13.0.1
v6.13.1-rc1
v6.13.1
v6.13.1.1
v6.13.1.2
v6.13.2-beta1
v6.13.2-rc1
v6.13.2
v6.13.3-beta1
v6.13.3-rc1
v6.13.3
v6.13.4-beta1
v6.13.4-rc1
v6.13.4
v6.13.5

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.7.9.1

Affected versions

v6.*

v6.0.0
v6.0.0.1
v6.0.0.2
v6.0.1
v6.0.1.1
v6.0.1.2
v6.0.1.3
v6.0.1.4
v6.0.1.5
v6.0.1.6
v6.0.1.7
v6.1.0-rc1
v6.1.0
v6.1.1
v6.1.1.1
v6.2.0-rc1
v6.2.0-rc2
v6.2.0-rc3
v6.2.0-rc4
v6.2.0-rc5
v6.2.0
v6.2.1
v6.3.0-beta1
v6.3.0-rc1
v6.3.0-rc2
v6.3.0-rc3
v6.3.0
v6.3.1-rc1
v6.3.1
v6.3.2-beta1
v6.3.2-beta2
v6.3.2-beta3
v6.3.2-rc1
v6.3.2
v6.3.3-rc1
v6.3.3
v6.4.0-beta1
v6.4.0-beta2
v6.4.0-rc1
v6.4.0
v6.4.1-rc1
v6.4.1-rc2
v6.4.1
v6.4.2-rc1
v6.4.2
v6.5.0-beta1
v6.5.0-rc1
v6.5.0-rc2
v6.5.0-rc3
v6.5.0
v6.5.1-rc1
v6.5.1
v6.5.1.1
v6.5.2-rc1
v6.5.2-rc2
v6.5.2
v6.6.0-beta1
v6.6.0-beta2
v6.6.0-rc1
v6.6.0-rc2
v6.6.0
v6.6.1-rc1
v6.6.1-rc2
v6.6.1
v6.6.2-rc1
v6.6.2
v6.7.0-beta1
v6.7.0-rc1
v6.7.0
v6.7.0.1
v6.7.0.2
v6.7.0.3
v6.7.1-rc1
v6.7.1-rc2
v6.7.1
v6.7.2-rc1
v6.7.2
v6.7.3-rc1
v6.7.3
v6.7.4-rc1
v6.7.4-rc2
v6.7.4
v6.7.5-rc1
v6.7.5
v6.7.6-rc1
v6.7.6
v6.7.6.1
v6.7.6.2
v6.7.7-beta1
v6.7.7-rc1
v6.7.7-rc2
v6.7.7
v6.7.7.1
v6.7.8-rc1
v6.7.8-rc2
v6.7.8
v6.7.9

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.4.0
Fixed
5.4.13.1

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.3.12.1