CVE-2022-21829

Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:45

Type Values Removed Values Added
References () https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes - Release Notes, Vendor Advisory () https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes - Release Notes, Vendor Advisory
References () https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes%2C - () https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes%2C -
References () https://hackerone.com/reports/1482520%2C - () https://hackerone.com/reports/1482520%2C -

05 Jul 2022, 16:55

Type Values Removed Values Added
References (MISC) https://hackerone.com/reports/1482520, - (MISC) https://hackerone.com/reports/1482520, - Broken Link
References (MISC) https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes - (MISC) https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes - Release Notes, Vendor Advisory
References (MISC) https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes, - (MISC) https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes, - Broken Link
CPE cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
CWE CWE-319
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8

24 Jun 2022, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-24 15:15

Updated : 2024-11-21 06:45


NVD link : CVE-2022-21829

Mitre link : CVE-2022-21829

CVE.ORG link : CVE-2022-21829


JSON object : View

Products Affected

concretecms

  • concrete_cms
CWE
CWE-319

Cleartext Transmission of Sensitive Information