Ibexa is part of QNTM -  Discover how Ibexa unleashed its own potential by being part of QNTM group

Security advisory: IBEXA-SA-2023-004

Unauthenticated deletion in recommendation engine
Publication date:
20/07/2023, 10:10

Severity:
High

Affected versions: Ibexa DXP v4.5.*
Resolving versions: Ibexa DXP v4.5.1

This security advisory resolves a vulnerability in the recommendation engine of Ibexa Personalization. Before version 4.5.1 it was vulnerable to unauthenticated deletion requests. Content could be deleted from the recommendation engine, but not from storage in the Ibexa DXP database. The update resolves the issue.

Have you found a security bug in Ibexa DXP? See how to report it responsibly here: https://doc.ibexa.co/en/latest/guide/reporting_issues/

All security advisories