CVE-2024-28235

2024-04-0916:15:07

CWE-200

GitHub_M

web.nvd.nist.gov

contao cms

open source

content management system

vulnerability

cookie header

external urls

http client

protected pages

patch

workaround

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

Percentile

15.5%

JSON

Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.

Affected configurations

Vulners

Node

contaocontaoRange4.9.0–4.13.40

contaocontaoRange5.0.0-RC1–5.3.4

VendorProductVersionCPE
contaocontao*cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contao	contao	*	cpe:2.3:a:contao:contao::::::::

CNA Affected

[
  {
    "vendor": "contao",
    "product": "contao",
    "versions": [
      {
        "version": ">= 4.9.0, < 4.13.40",
        "status": "affected"
      },
      {
        "version": ">= 5.0.0-RC1, < 5.3.4",
        "status": "affected"
      }
    ]
  }
]