First published: Mon Nov 14 2022
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up, causing a denial of service (high load).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/concrete5/concrete5 | >=9.0.0 <9.1.3 | 9.1.3 |
composer/concrete5/concrete5 | <8.5.10 | 8.5.10 |
Concretecms Concrete Cms | <8.5.10 | |
Concretecms Concrete Cms | >=9.0.0 <=9.1.2 | |
CVE-2022-43686 is a vulnerability in Concrete CMS that can cause a denial of service due to high load.
Concrete CMS versions below 8.5.10 and between 9.0.0 and 9.1.2 are affected by CVE-2022-43686.
CVE-2022-43686 can be exploited by filling up the authTypeConcreteCookieMap table, which causes a denial of service due to high load.
CVE-2022-43686 has a severity rating of 6.5, classified as medium.
To fix CVE-2022-43686, upgrade to Concrete CMS version 9.1.3 (or 8.5.10 on the 8.x line, per the table above) or apply the fix provided in the official documentation.