Lucene search

[email protected]CVE-2023-48652

HistoryDec 25, 2023 - 8:15 a.m.

CVE-2023-48652

2023-12-2508:15:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-48652

concrete cms

csrf

cross site request forgery

security vulnerability

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.

Affected configurations

NVD

Node

concretecmsconcrete_cmsRange9.0–9.2.3

CPENameOperatorVersion
concretecms:concrete_cmsconcretecms concrete cmslt9.2.3

CPE	Name	Operator	Version
concretecms:concrete_cms	concretecms concrete cms	lt	9.2.3

References

documentation.concretecms.org/developers/introduction/version-history/923-release-notes

www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-48652

osv2 veracode1 nvd1 github1 cvelist1 prion1