3.3
CVE-2023-28473
- EPSS 0.76%
- Veröffentlicht 28.04.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 07:55:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginConcrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Concretecms ≫ Concrete Cms Version < 9.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.502 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 0.7 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://concretecms.com
https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release