CVE-2022-43693: CSRF
First published: Mon Nov 14 2022(Updated: )
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Concretecms Concrete Cms | <8.5.10 | |
| Concretecms Concrete Cms | >=9.0.0<=9.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
- https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
- https://github.com/concretecms/concretecms/releases/8.5.10
- https://github.com/concretecms/concretecms/releases/9.1.3
- https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
Frequently Asked Questions
What is CVE-2022-43693?
CVE-2022-43693 is a vulnerability in Concrete CMS that allows Cross-Site Request Forgery (CSRF) due to the lack of a State parameter for external Concrete authentication service.
How does CVE-2022-43693 affect Concrete CMS?
CVE-2022-43693 affects Concrete CMS versions from 8.5.10 to 9.1.2.
What is the severity of CVE-2022-43693?
CVE-2022-43693 has a severity rating of 8.8 (high).
How can I fix CVE-2022-43693 in Concrete CMS?
To fix CVE-2022-43693 in Concrete CMS, it is recommended to update to a version that includes the fix, such as 9.1.3 or later.
Where can I find more information about CVE-2022-43693?
You can find more information about CVE-2022-43693 in the release notes of Concrete CMS versions 8.5.10, 9.1.2, and the official documentation of Concrete CMS.
- collector/nvd-index
- agent/references
- agent/severity
- agent/event
- vendor/concretecms
- canonical/concretecms concrete cms
- version/concretecms concrete cms/9.0.0
- version/concretecms concrete cms/9.1.2