CVE-2022-21829

Published: Jun 24, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.

Affected (2)

Products: Concretecms: Concrete Cms

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Concretecms Concrete Cms	Before 8.5.8
Concretecms Concrete Cms	From 9.0.0 to 9.1.0

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (6)

https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes

Source: support@hackerone.com

Release NotesVendor Advisory

https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes%2C

Source: support@hackerone.com

https://hackerone.com/reports/1482520%2C

Source: support@hackerone.com

https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes%2C

Source: af854a3a-2127-422b-91ae-364da2661108

https://hackerone.com/reports/1482520%2C

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.