GHSA-j4mv-2rv7-v2j9

Source
https://github.com/advisories/GHSA-j4mv-2rv7-v2j9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-j4mv-2rv7-v2j9/GHSA-j4mv-2rv7-v2j9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j4mv-2rv7-v2j9
Aliases
  • CVE-2021-22966
Published
2021-11-23T18:18:07Z
Modified
2023-11-08T04:05:02.309372Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Privilege Management in Concrete CMS
Details

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to administrator with a specially crafted curl request. Fixed by adding a check for group permissions before allowing a group to be moved.

Database specific
{
    "nvd_published_at": "2021-11-19T19:15:00Z",
    "github_reviewed_at": "2021-11-22T18:31:34Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-269"
    ]
}
References

Affected packages

Packagist / concrete5/core

Package

Name
concrete5/core
Purl
pkg:composer/concrete5/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8.5.7

Affected versions

8.*

8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6