GHSA-6xc4-7fmm-65q2

Suggest an improvement
Source
https://github.com/advisories/GHSA-6xc4-7fmm-65q2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-6xc4-7fmm-65q2/GHSA-6xc4-7fmm-65q2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-6xc4-7fmm-65q2
Aliases
  • CVE-2022-21829
Published
2022-06-25T00:00:53Z
Modified
2023-11-01T04:57:44.171525Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Code injection in concrete CMS
Details

Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.

Database specific
{
    "nvd_published_at": "2022-06-24T15:15:00Z",
    "github_reviewed_at": "2022-06-29T22:07:26Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-319",
        "CWE-74"
    ]
}
References

Affected packages

Packagist / concrete5/core

Package

Name
concrete5/core
Purl
pkg:composer/concrete5/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.1.0

Affected versions

9.*

9.0.0
9.0.1
9.0.2

Packagist / concrete5/core

Package

Name
concrete5/core
Purl
pkg:composer/concrete5/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.8

Affected versions

8.*

8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7