CVE-2023-28473

EUVD-2023-1367
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
concretecmsconcrete_cms
𝑥
< 9.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://concretecms.com
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
https://concretecms.com
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20