PT-2021-15301 · Unknown · Concrete Cms

Adrian Tiron · Published 2021-11-19 · Updated 2022-07-12 · CVE-2021-22966

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Concrete CMS versions 8.5.6 and below

Description

The issue allows privilege escalation from Editor to Admin using Groups in Concrete CMS. If a group is granted "view" permission on the bulkupdate page, users in that group can escalate to administrator with a specially crafted request (for example, one sent with curl): the page-level "view" permission was the only authorization applied, and the handler did not check the requester's permissions on the group itself before moving it. The fix adds a check for group permissions before allowing a group to be moved.

Recommendations

For Concrete CMS versions 8.5.6 and below, update to Concrete CMS version 9.0.0 to resolve the issue. As a temporary workaround, restrict "view" permission on the bulkupdate page to trusted administrators only, since any group holding that permission can reach the vulnerable action.
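To make the authorization gap concrete, the following is an added model written for this entry; it is not Concrete CMS code. The group tree, the `editors` permission set, the page path and the rule that membership of a group implies membership of all its ancestors are assumptions chosen to show why re-parenting a group matters. `move_group_vulnerable` performs only the page-level "view" check, while `move_group_fixed` additionally requires edit rights on the group being moved and on its new parent.

```python
"""Model of the group-move authorization flaw described in CVE-2021-22966.

Hypothetical code, not Concrete CMS's own: the names, the group tree and
the permission model are assumptions used to illustrate the missing check.
Assumed semantics: a user who belongs to a group also belongs to every
ancestor of that group, so re-parenting "Editors" under "Administrators"
turns every editor into an administrator.
"""
from dataclasses import dataclass, field

BULKUPDATE_PAGE = "/dashboard/users/groups/bulkupdate"  # assumed page path


class PermissionDenied(Exception):
    pass


@dataclass(eq=False)  # identity-based equality so groups can live in sets
class Group:
    name: str
    parent: "Group | None" = None
    # Names of users allowed to edit (including move) this group object.
    editors: set = field(default_factory=set)

    def ancestors(self):
        g = self.parent
        while g is not None:
            yield g
            g = g.parent


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)     # direct memberships
    page_view: set = field(default_factory=set)  # dashboard pages the user may view

    def effective_groups(self):
        result = set()
        for g in self.groups:
            result.add(g)
            result.update(g.ancestors())
        return result

    def is_admin(self):
        return any(g.name == "Administrators" for g in self.effective_groups())


def move_group_vulnerable(actor, group, new_parent):
    """Vulnerable pattern: only the page-level 'view' permission guards the action."""
    if BULKUPDATE_PAGE not in actor.page_view:
        raise PermissionDenied("cannot view bulkupdate page")
    group.parent = new_parent


def move_group_fixed(actor, group, new_parent):
    """Fixed pattern: also require edit rights on the moved group and on its new parent."""
    if BULKUPDATE_PAGE not in actor.page_view:
        raise PermissionDenied("cannot view bulkupdate page")
    if actor.name not in group.editors:
        raise PermissionDenied(f"no edit permission on group {group.name}")
    if new_parent is not None and actor.name not in new_parent.editors:
        raise PermissionDenied(f"no edit permission on group {new_parent.name}")
    # Refuse to create a cycle by moving a group under itself or a descendant.
    if new_parent is not None and (new_parent is group or group in new_parent.ancestors()):
        raise ValueError("cannot move a group under itself")
    group.parent = new_parent


def build_scenario():
    """Constructed sample state: an editor who may view the bulkupdate page but edits no group."""
    admins = Group("Administrators", editors={"root"})
    editors = Group("Editors", editors={"root"})
    mallory = User("mallory", groups={editors}, page_view={BULKUPDATE_PAGE})
    return admins, editors, mallory


def escalate(move):
    """Run the Editor-to-Admin attempt through `move`; return (became_admin, was_denied)."""
    admins, editors, mallory = build_scenario()
    try:
        move(mallory, editors, admins)
    except PermissionDenied:
        return mallory.is_admin(), True
    return mallory.is_admin(), False


if __name__ == "__main__":
    print("vulnerable handler:", escalate(move_group_vulnerable))
    print("fixed handler:     ", escalate(move_group_fixed))
```

The lesson generalizes beyond this CVE: a permission on the dashboard page that hosts an action is not a permission on the objects the action manipulates, so every object referenced by request parameters needs its own authorization check.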

Weakness Enumeration

CWE-863: Incorrect Authorization
CWE-269: Improper Privilege Management
Related Identifiers

CVE-2021-22966
GHSA-J4MV-2RV7-V2J9

Affected Products

Concrete Cms