CVE-2022-43687

Published: Nov 15, 2022
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-43687" target="_blank" rel="noopener"> CVE-2022-43687
GHSA: <a href="https://github.com/advisories/GHSA-m53v-5x5x-5m2p" target="_blank" rel="noopener"> GHSA-m53v-5x5x-5m2p
Severity: Medium
Exploit:

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

CVSS v3:

CWEs:

OWASP TOP 10:

Vulnerability Database