CVE-2021-22967

UNKNOWN

Published 2021-11-19T18:11:07

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-22967. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Exposure of sensitive information in concrete5/core

GHSA-m2v2-8227-59f5

Advisory Details

Affected Packages

Packagist concrete5/core

ECOSYSTEM: ≥0 <8.5.7

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-22967

WEB https://hackerone.com/reports/869612

WEB https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes

Advisory provided by GitHub Security Advisory Database. Published: November 23, 2021, Modified: November 24, 2021

References

https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes

https://hackerone.com/reports/869612

Published: 2021-11-19T18:11:07

Last Modified: 2024-08-03T18:58:26.112Z

Copied to clipboard!

CVE-2021-22967

Expert Analysis

Description

Available Exploits

Related News

GitHub Security Advisories

Exposure of sensitive information in concrete5/core

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

References

References

Request Analysis

What to expect

Request Received!