{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "cpe": "cpe:2.3:a:ibexa:ez_platform:*:*:*:*:*:*:*:*",
            "extracted_events": [
              {
                "introduced": "2.5.0"
              },
              {
                "fixed": "2.5.31"
              }
            ],
            "source": "CPE_RANGE"
          },
          "events": [
            {
              "introduced": "3a472a38f0e0080d33a71120c1f2f4d578d27f1e"
            },
            {
              "fixed": "42e66cda1feb0d5d349aef620398bec06a57bda9"
            }
          ],
          "repo": "https://github.com/ezsystems/ezplatform",
          "type": "GIT"
        },
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "1.3.26"
              }
            ],
            "source": "DESCRIPTION"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "b142222c56815cfc43958f79f43fd5eb677200b9"
            }
          ],
          "repo": "https://github.com/ezsystems/ezplatform-kernel",
          "type": "GIT"
        },
        {
          "database_specific": {
            "source": "REFERENCES"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "957e67a08af2b3265753f9763943e8225ed779ab"
            }
          ],
          "repo": "https://github.com/ezsystems/ezpublish-kernel",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48365.json"
  },
  "details": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.",
  "id": "CVE-2022-48365",
  "modified": "2026-07-08T05:38:44.430273872Z",
  "published": "2023-03-12T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48365.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48365"
    },
    {
      "type": "FIX",
      "url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
    }
  ],
  "related": [
    "GHSA-8h83-chh2-fchp",
    "GHSA-99r3-xmmq-7q7g"
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}