Skip to content

Any storage file can be downloaded from p.sh if full server path is known

High
glye published GHSA-2rh5-jvgx-pgw3 Sep 14, 2021

Package

composer ezsystems/ezplatform (Composer)

Affected versions

v1.13.6, v2.5.24

Patched versions

v1.13.6.1, v2.5.24.1

Description

https://developers.ibexa.co/security-advisories/ibexa-sa-2021-006-storage-and-legacy-files-accessible-if-path-is-known

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs