Vulnerability Description
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ez | Ez Publish | 3.5.0 |
Related Weaknesses (CWE)
References
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x
- http://issues.ez.no/6355
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x
- http://issues.ez.no/6355
FAQ
What is CVE-2005-4854?
CVE-2005-4854 is a vulnerability with a CVSS score of 5.0 (MEDIUM). eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to ...
How severe is CVE-2005-4854?
CVE-2005-4854 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4854?
Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.