Users with the Company admin role can assign any role to any user

Critical

glye published GHSA-8h83-chh2-fchp

Nov 10, 2022

Package

ezsystems/ezplatform-kernel (Composer)

Affected versions

v1.3.*

Patched versions

v1.3.26

Description

Please see https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips