First published: Mon Nov 14 2022
Concrete CMS is vulnerable to CSRF because the external Concrete authentication service does not use a "state" parameter; this affects Concrete users who rely on the "out of the box" core OAuth.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Concretecms Concrete Cms | <8.5.10 | |
Concretecms Concrete Cms | >=9.0.0 <=9.1.2 | |
CVE-2022-43693 is a vulnerability in Concrete CMS that allows Cross-Site Request Forgery (CSRF) due to the lack of a state parameter in the external Concrete authentication service.
CVE-2022-43693 affects Concrete CMS versions from 8.5.10 to 9.1.2.
CVE-2022-43693 has a severity rating of 8.8 (high).
To fix CVE-2022-43693 in Concrete CMS, it is recommended to update to a version that includes the fix, such as 9.1.3 or later.
You can find more information about CVE-2022-43693 in the release notes of Concrete CMS versions 8.5.10, 9.1.2, and the official documentation of Concrete CMS.
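The flaw described above (in the advisory text and in the first answer) is the generic OAuth login-CSRF pattern: when an authorization-code callback carries no state value, the client cannot tell whether the callback belongs to the flow the current browser session started, so a code delivered to a victim's browser is accepted and bound to that victim's session. The following Python example is added here to illustrate the weak pattern beside the hardened one; it is not Concrete CMS code, and the provider endpoint, callback URI, client id and the authorization codes in `FAKE_PROVIDER_CODES` are constructed placeholders for this example only.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for the provider's token endpoint: maps an authorization
# code to the account it was issued for. Assumption for this example only.
FAKE_PROVIDER_CODES = {"code-for-alice": "alice", "code-for-mallory": "mallory"}

AUTHORIZE_ENDPOINT = "https://idp.example/authorize"  # hypothetical provider
CALLBACK_URI = "https://cms.example/oauth/callback"   # hypothetical client


def exchange_code(code):
    """Stand-in for the code-for-token exchange; returns the linked account."""
    return FAKE_PROVIDER_CODES.get(code)


def _query(callback_url):
    """Flatten the callback query string into a plain dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}


def state_in_url(url):
    """Read the state value back out of an authorization URL (test helper)."""
    return _query(url).get("state")


# --- Weak pattern: no state parameter (the defect the advisory describes) ---

def authorize_url_without_state(client_id):
    return AUTHORIZE_ENDPOINT + "?" + urlencode(
        {"response_type": "code", "client_id": client_id,
         "redirect_uri": CALLBACK_URI})


def handle_callback_without_state(session, callback_url):
    # Nothing ties this callback to the session that started the flow, so any
    # code that reaches the callback is exchanged and bound to this session.
    code = _query(callback_url).get("code")
    account = exchange_code(code) if code else None
    if account:
        session["linked_account"] = account
    return account


# --- Hardened pattern: per-session, single-use, constant-time-compared state ---

def authorize_url_with_state(session, client_id):
    state = secrets.token_urlsafe(32)   # unguessable, generated per flow
    session["oauth_state"] = state      # kept server-side in the user's session
    return AUTHORIZE_ENDPOINT + "?" + urlencode(
        {"response_type": "code", "client_id": client_id,
         "redirect_uri": CALLBACK_URI, "state": state})


def handle_callback_with_state(session, callback_url):
    q = _query(callback_url)
    expected = session.pop("oauth_state", None)  # pop: a state value is single-use
    received = q.get("state")
    if not expected or not received:
        return None  # no flow was started from this session, or state is missing
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None  # callback belongs to some other flow: reject, bind nothing
    account = exchange_code(q.get("code", ""))
    if account:
        session["linked_account"] = account
    return account


if __name__ == "__main__":
    # A callback URL that carries a code for a different account and no state.
    forged = CALLBACK_URI + "?code=code-for-mallory"
    weak, hardened = {}, {}
    print("no state check binds:", handle_callback_without_state(weak, forged))
    print("state check binds:", handle_callback_with_state(hardened, forged))
    # The legitimate flow: start it, then return with the matching state.
    s = {}
    url = authorize_url_with_state(s, "cms-client")
    good = CALLBACK_URI + "?code=code-for-alice&state=" + state_in_url(url)
    print("legitimate callback binds:", handle_callback_with_state(s, good))
```

The defender-side checks worth keeping from the hardened handler are: the state is generated with a CSPRNG per flow, stored only server-side, compared in constant time, and removed from the session on first use so a callback cannot be replayed.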