CVE-2005-4851

Published: Dec 31, 2005Modified: Apr 16, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

Affected (1)

Products: Ez: Ez Publish

1 product

Ez Publish

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ez Ez Publish	From 3.4.4 to 3.7

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: cve@mitre.org

Product

http://issues.ez.no/6841

Source: cve@mitre.org

Broken Link

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: af854a3a-2127-422b-91ae-364da2661108

Product

http://issues.ez.no/6841

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.