First published: Wed Sep 13 2023
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Craftcms Craft Cms | >=4.4.0 <4.4.15 | |
composer/craftcms/cms | >=4.0.0-RC1 <=4.4.14 | 4.4.15 |
CVE-2023-41892 is a vulnerability in Craft CMS that allows for a high-impact, low-complexity attack.
CVE-2023-41892 is considered critical with a severity value of 10.
To mitigate CVE-2023-41892, users running Craft installations before version 4.4.15 should update to at least that version.
You can find more information about CVE-2023-41892 in the Craft CMS CHANGELOG and commit history on GitHub, provided in the references.
The Common Weakness Enumeration (CWE) for CVE-2023-41892 is CWE-94.