CVE-2022-21829

{"id": "CVE-2022-21829", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-24T15:15:10.143", "references": [{"url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes%2C", "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/1482520%2C", "source": "support@hackerone.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing \u2018concrete_secure\u2019 instead of \u2018concrete\u2019. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520."}, {"lang": "es", "value": "Concrete CMS versiones 9.0.0 a 9.0.2 y 8.5.7, pueden descargar archivos zip a trav\u00e9s de HTTP y ejecutar c\u00f3digo desde esos archivos zip, lo que podr\u00eda conllevar a un RCE. Corregido al aplicar \"concrete_secure\" en lugar de \"concrete\". Concrete ahora s\u00f3lo hace peticiones sobre https incluso si una petici\u00f3n entra por medio de http. El equipo de seguridad de Concrete CMS clasific\u00f3 este 8 con el vector CVSS v3.1: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H El m\u00e9rito es de Anna por informar a HackerOne 1482520"}], "lastModified": "2023-11-07T03:43:44.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D821B974-A48F-4925-B849-55AC51A0BE0A", "versionEndExcluding": "8.5.8"}, {"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6E5829D-AFD1-4C1B-9E53-400D09956577", "versionEndExcluding": "9.1.0", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}