Users with the Company admin role can assign any role to any user

Critical

glye published GHSA-g6jc-xrc3-4wwq

Nov 10, 2022

Package

ibexa/admin-ui (Composer)

Affected versions

v4.2.*

Patched versions

v4.2.3

Description

Please see https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips