Lucene search
MitreCVELIST:CVE-2022-43693HistoryNov 14, 2022 - 12:00 a.m.
CVE-2022-43693
2022-11-1400:00:00
mitre
www.cve.org
2
concrete cms
csrf
oauth
vulnerability
Concrete CMS is vulnerable to CSRF due to the lack of “State” parameter for external Concrete authentication service for users of Concrete who use the “out of the box” core OAuth.
References
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/concretecms/concretecms/releases/8.5.10
github.com/concretecms/concretecms/releases/9.1.3
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
Related
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-11-15 03:16:28
cve
cve
CVE-2022-43693
2022-11-14 17:15:10
nvd
nvd
CVE-2022-43693
2022-11-14 17:15:10
osv
osv
CVE-2022-43693
2022-11-14 17:15:10
Concrete CMS vulnerable to Cross-site Request Forgery
2022-11-14 19:00:19
prion
prion
Cross site request forgery (csrf)
2022-11-14 17:15:00
github
github
Concrete CMS vulnerable to Cross-site Request Forgery
2022-11-14 19:00:19