CVE-2022-48365

7.2 HIGH

📋 TL;DR

The Company admin role in eZ Platform Ibexa Kernel before version 1.3.26 grants excessive privileges, allowing users with this role to perform unauthorized actions. This affects all systems running vulnerable versions of eZ Platform/Ibexa CMS where the Company admin role is assigned.

💻 Affected Systems

Products:
  • eZ Platform
  • Ibexa DXP
  • Ibexa Kernel
Versions: All versions before 1.3.26
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when Company admin role is assigned to users. Systems using custom roles or without Company admin role may not be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with Company admin role could escalate privileges to full administrator access, modify critical system settings, access sensitive data, or compromise the entire CMS installation.

🟠 Likely Case

Authorized users with Company admin role unintentionally gain excessive permissions beyond their intended scope, potentially leading to unauthorized content modifications or configuration changes.

🟢 If Mitigated

With proper role-based access controls and least privilege principles, impact is limited to authorized users only, reducing risk of privilege escalation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing user account with Company admin role. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.26 or later

Vendor Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips

Restart Required: No

Instructions:

1. Update eZ Platform/Ibexa Kernel to version 1.3.26 or later.
2. Run composer update.
3. Clear cache: php bin/console cache:clear.
4. Review and adjust role assignments if needed.

🔧 Temporary Workarounds

Remove Company admin role assignments (applies to: all)

Temporarily remove the Company admin role from all users until patching is complete:

php bin/console ibexa:user:remove-role --role=CompanyAdmin --user=<username>

Create custom role with limited permissions (applies to: all)

Create a custom role with only the necessary permissions instead of using Company admin:

php bin/console ibexa:user:create-role --identifier=CustomCompanyRole --name="Custom Company Role"

🧯 If You Can't Patch

  • Audit all user accounts with Company admin role and review their activities
  • Implement network segmentation to limit access to administrative interfaces

🔍 How to Verify

Check if Vulnerable:

Check the installed kernel version: composer show ezsystems/ezplatform-kernel | grep versions

Verify Fix Applied:

Confirm version is 1.3.26 or higher and review role assignments in admin panel
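As an added example (not part of this advisory or of Ibexa's own tooling), a POSIX sh check that parses the versions line from composer show ezsystems/ezplatform-kernel and compares it against the fixed release 1.3.26. The composer output embedded below is a constructed sample, and the line format it expects (versions : * v1.3.25) is an assumption about composer's output.

```shell
#!/bin/sh
# Added example (not from the advisory): parse the "versions" line printed by
# `composer show ezsystems/ezplatform-kernel` and compare it with the fixed
# release 1.3.26. The composer output below is a constructed sample.
FIXED_KERNEL_VERSION="1.3.26"

SAMPLE_COMPOSER_OUTPUT='name     : ezsystems/ezplatform-kernel
descrip. : eZ Platform kernel (constructed sample)
versions : * v1.3.25
type     : library'

# extract_version: print the bare version from a composer "versions" line,
# accepting both "v1.3.25" and "1.3.25"; prints nothing if no such line exists.
extract_version() {
  printf '%s\n' "$1" |
    sed -n 's/^versions *: *\* *v\{0,1\}\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_lt A B: exit 0 when dotted numeric version A is lower than B.
# Missing components count as 0, so "1.3" compares as "1.3.0".
version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah=${a%%.*}; bh=${b%%.*}
    if [ "$ah" = "$a" ]; then a=''; else a=${a#*.}; fi
    if [ "$bh" = "$b" ]; then b=''; else b=${b#*.}; fi
    ah=${ah:-0}; bh=${bh:-0}
    [ "$ah" -lt "$bh" ] && return 0
    [ "$ah" -gt "$bh" ] && return 1
  done
  return 1
}

# check_kernel: exit 0 = vulnerable (below 1.3.26), 1 = fixed, 2 = no version found
check_kernel() {
  ver=$(extract_version "$1")
  [ -n "$ver" ] || return 2
  version_lt "$ver" "$FIXED_KERNEL_VERSION"
}

check_kernel "$SAMPLE_COMPOSER_OUTPUT"
case $? in
  0) echo "VULNERABLE: kernel below $FIXED_KERNEL_VERSION (CVE-2022-48365)" ;;
  1) echo "OK: kernel at or above $FIXED_KERNEL_VERSION" ;;
  *) echo "UNKNOWN: no versions line found in composer output" ;;
esac
```

On a real system, feed the function the live output: check_kernel "$(composer show ezsystems/ezplatform-kernel)".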

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative actions by Company admin users
  • Permission changes or role modifications

Network Indicators:

  • Increased API calls to administrative endpoints from non-admin users

SIEM Query:

source="ibexa-logs" AND (event="role_assignment" OR event="permission_change") AND user_role="CompanyAdmin"
