Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+ ...
Continue Reading
November 21, 2022
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+ ...
Continue Reading
November 21, 2022
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8057 advisory. - The package @braintree/sanitize-url before 6.0.0 are ...
Continue Reading
November 19, 2022
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.Read More ...
Continue Reading
November 17, 2022
The plugin does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID ### PoC T ...
Continue Reading
November 17, 2022
The plugin does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client IDRead More ...
Continue Reading
November 17, 2022
Concrete CMS is vulnerable to insecure sessions management. The vulnerability exists in the `attemptAuthentication` function in `GenericOauthTypeController.php` where it does not issue a new session I ...
Continue Reading
November 16, 2022
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.Read More ...
Continue Reading
November 16, 2022
Back to Main
