PT-2024-40240 · Unknown · Ez Publish Legacy

Published: 2024-05-15 · Updated: 2024-05-15

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: ezpublish-legacy (affected versions not specified)
Description: The issue is an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled through the Rules setting in the [SiteAccessRules] section of site.ini, and an attacker accesses the backend using the URL of that module, the tree menu may still be displayed. Because the tree menu may contain hidden items, this can lead to information disclosure.
Recommendations: To resolve the issue, install the Security Update as soon as possible by updating to one of the recommended versions using Composer. Alternatively, apply the provided patch manually.

Information Disclosure

Weakness Enumeration

Related Identifiers: GHSA-CC2J-92JQ-WGJG

Affected Products: Ez Publish Legacy