
[GHSA-85x2-r8xv-ww8c] Kirby CMS's pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API#7572

Open
abundancemarble wants to merge 1 commit into abundancemarble/advisory-improvement-7572 from abundancemarble-GHSA-85x2-r8xv-ww8c

Conversation

@abundancemarble commented May 3, 2026

GitHub CodeQL Terms and Conditions

These GitHub CodeQL Terms and Conditions ("Terms") are a legal
agreement between you (either as an individual or on behalf of an
entity) and GitHub, Inc. regarding your use of the GitHub CodeQL
software and associated documentation (collectively, the
"Software"). By using the Software, you accept these Terms.
Please read all of these Terms; in many cases, provisions set
forth later in the Terms limit and qualify provisions set forth
earlier in the Terms. If you do not accept these Terms, do not
download, install, use, or copy the Software.

Definitions

In these Terms:

  • "OSI-approved License" means an Open Source Initiative
    (OSI)-approved open source software license.

  • "Open Source Codebase" means a codebase that is released under an
    OSI-approved License.

Use Rights; Scope of License

The Software is licensed on a per user basis. Here's what you may do
with the Software, but subject to License Restrictions provisions
below:

  • Use the Software to perform academic research.

  • Use the Software to demonstrate the Software.

  • Test CodeQL queries that are released under an OSI-approved
    License to confirm that new versions of those queries continue to
    find the right vulnerabilities.

Here's what you may also do with the Software, but only with an Open
Source Codebase and subject to the License Restrictions provisions
below:

  • Perform analysis on the Open Source Codebase.

  • If the Open Source Codebase is hosted and maintained on
    GitHub.com, generate CodeQL databases for or during automated
    analysis, CI, or CD.

License Restrictions

These Terms do not authorize, and the Software may not be used for any
purpose not expressly set forth above, including:

  • To otherwise or in any other context generate any CodeQL database
    for or during automated analysis, CI or CD, whether as part of
    normal engineering processes or another context.

  • To otherwise or in any other context use the Software in
    connection with any codebase that is not an Open Source Codebase
    (e.g., code in a private repo in GitHub).

Please note: if your use of the Software is under a paid customer
license for GitHub Advanced Security, the restrictions with respect to
automated analysis, CI, and CD and use in connection with non-Open
Source Codebases do not apply.

At all times, except (and only to the extent) permitted by applicable
law or applicable third-party license, you will not (and have no right
to):

  • work around any technical limitations in the Software that only
    allow you to use it in certain ways;

  • reverse engineer, decompile or disassemble the Software;

  • remove, minimize, block, or modify any notices of GitHub or its
    suppliers in the Software;

  • use the Software in any way that is against the law; or

  • share, publish, distribute or lend the Software, provide or make
    available the Software as a hosted solution (whether on a
    standalone basis or combined, incorporated or integrated with
    other software or services) for others to use, or transfer the
    Software or these Terms to any third party.

The Software is licensed, not sold. GitHub reserves all rights not
expressly granted in these Terms.

Open Source Software

The Software may include components licensed under open source
software licenses. Any such licenses are included in the "Open Source
Notices" documentation that is included with the Software. Such
documentation also includes copies of all applicable open source
licenses.

To the extent the terms of the licenses applicable to open source
components require GitHub to make an offer to provide source code in
connection with the Software, such offer is hereby made, and you may
exercise it by contacting GitHub: https://github.com/contact.

Unless otherwise agreed to in writing with GitHub, your agreement with
GitHub will always include, at a minimum, these Terms. Open source
software licenses for the Software's source code constitute separate
written agreements. To the limited extent that any open source
software license expressly supersedes these Terms, such open source
license governs your use of the applicable component(s) of the
Software subject to such license.

GitHub Trademarks

These Terms do not grant any right or license to use any of GitHub's
trademarks or logos, including, without limitation, the names GitHub
and CodeQL and any Software logo designs in the "logos" folder of the
Software. You agree not to display or use any of these trademarks or
logos in any manner without GitHub's prior written permission, except
as allowed by GitHub's Logos and Usage Policy located at
https://github.com/logos. GitHub reserves all right, title and
interest in and to all GitHub trademarks and logos.

Additional Services

Auto-Updates: The Software may include an auto-update service. If the
Software automatically enables such service (or, if it is not
automatically enabled and you choose to use it), GitHub will
automatically update the Software when a new version is available.

Support

Because the Software is "as-is," GitHub may not provide support for it.

Export Control

Customer will comply with all applicable export and import laws and
regulations that apply to the Software.

Disclaimer; Limitations of Liability

THE SOFTWARE, INCLUDING ANY ADDITIONAL SERVICES, IS PROVIDED ON AN
"AS-IS" BASIS, AND GITHUB GIVES NO EXPRESS WARRANTIES, GUARANTEES OR
CONDITIONS. TO THE EXTENT PERMITTED BY APPLICABLE LAW, GITHUB
DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NON-INFRINGEMENT. YOUR USE OF THE SOFTWARE IS
AT YOUR SOLE RISK.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, YOU EXPRESSLY UNDERSTAND
AND AGREE THAT (1) YOU CAN RECOVER DIRECT DAMAGES RELATING TO THE
SOFTWARE, INCLUDING ANY ADDITIONAL SERVICES, UP TO U.S. $5.00 FROM
GITHUB AND ITS SUPPLIERS, AND (2) GITHUB WILL NOT BE LIABLE FOR ANY
INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES,
INCLUDING, WITHOUT LIMITATION, ANY DAMAGES FOR LOSS OF PROFITS,
GOODWILL, USE, OR DATA OR OTHER INTANGIBLE LOSSES (EVEN IF GITHUB HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) RELATING TO THE
SOFTWARE, INCLUDING ANY ADDITIONAL SERVICES.

Miscellaneous

No Waiver. The failure of GitHub to exercise or enforce any right or
provision of these Terms will not constitute a waiver of such right or
provision.

Entire Agreement. These Terms, together with any open source
software licenses referenced above, constitute the entire agreement
between you and GitHub regarding your use of the Software, superseding
any prior agreements between you and GitHub (including, but not
limited to, any prior versions of these Terms) regarding such use.

Governing Law. You agree that these Terms and your use of the
Software are governed by the laws of the State of California and any
dispute relating to the Software or your use thereof must be brought
in a tribunal of competent jurisdiction located in or near San
Francisco, California.

Modifications. These Terms may only be modified by a written
amendment signed by an authorized representative of GitHub, or by the
posting by GitHub of a revised version.

Contact Us. Questions about these Terms? Contact us at
https://support.github.com/contact/John-James-Ayo/abundancemarble.

@github (Collaborator) commented May 3, 2026

Hi there @bastianallgeier! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.

@github-actions github-actions Bot changed the base branch from main to abundancemarble/advisory-improvement-7572 May 3, 2026 03:00