Users with the Company admin role can assign any role to any user

Critical

glye published GHSA-394j-x37r-2q27

Nov 10, 2022

Package

ibexa/core (Composer)

Affected versions

v4.2.*

Patched versions

v4.2.3

Description

Please see https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips