A vulnerability was found in Concrete CMS up to 8.5.7/9.0.2 (Content Management System) and classified as problematic. Affected by this issue is some unknown functionality of the component ZIP File Handler. The manipulation with an unknown input leads to a cleartext transmission vulnerability. Using CWE to declare the problem leads to CWE-319. The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Impacted is confidentiality. CVE summarizes:

Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.

The weakness was shared 06/25/2022. The advisory is available at hackerone.com. This vulnerability is handled as CVE-2022-21829 since 12/10/2021. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1040 by the MITRE ATT&CK project.

Upgrading to version 8.5.8 or 9.1.0 eliminates this vulnerability. The upgrade is hosted for download at documentation.concretecms.org.

Productinfo

Type

• Content Management System

Vendor

• Concrete

Name

• CMS

Version

• 8.5.0
• 8.5.1
• 8.5.2
• 8.5.3
• 8.5.4
• 8.5.5
• 8.5.6
• 8.5.7
• 9.0.0
• 9.0.1
• 9.0.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion