First published: Mon Nov 14 2022(Updated: )
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Concretecms Concrete Cms | <8.5.10 | |
Concretecms Concrete Cms | >=9.0.0<=9.1.2 | |
<8.5.10 | ||
>=9.0.0<=9.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2022-43690.
The severity of CVE-2022-43690 is medium.
Concrete CMS (formerly concrete5) versions below 8.5.10 and between 9.0.0 and 9.1.2 are affected by CVE-2022-43690.
You can fix CVE-2022-43690 by updating to Concrete CMS 9.1.3+ or 8.5.10+.
You can find more information about CVE-2022-43690 in the following references: [https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes](https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes) and [https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes](https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes).