CVE-2022-21829 – concrete5/core

Package

Manager: composer
Name: concrete5/core
Vulnerable Version: >=9.0.0 <9.1.0 || >=0 <8.5.8

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00884 pctl0.74544

Details

Code injection in concrete CMS Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.

Metadata

Created: 2022-06-25T00:00:53Z
Modified: 2022-07-06T16:49:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-6xc4-7fmm-65q2/GHSA-6xc4-7fmm-65q2.json
CWE IDs: ["CWE-319", "CWE-74"]
Alternative ID: GHSA-6xc4-7fmm-65q2
Finding: F184
Auto approve: 1