GoogleOSV:GHSA-PJ76-75CM-3552Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
31.6%
Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section.
References
concretecms.com
github.com/concretecms/concretecms
github.com/concretecms/concretecms/pull/11749
github.com/concretecms/concretecms/releases/tag/8.5.13
nvd.nist.gov/vuln/detail/CVE-2023-28473
www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
31.6%