Severity: Critical
CVSS Score: 9.8
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.