CVE-2021-22966

{"id": "CVE-2021-22966", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-11-19T19:15:08.327", "references": [{"url": "https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/1362747", "tags": ["Permissions Required"], "source": "support@hackerone.com"}, {"url": "https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/1362747", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted \"view\" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCredit for discovery: \"Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )\"This fix is also in Concrete version 9.0.0"}, {"lang": "es", "value": "Una escalada de privilegios de Editor a Administrador usando Grupos en Concrete CMS versiones 8.5.6 e inferiores. Si a un grupo le es concedido permisos \"view\" en la p\u00e1gina de bulkupdate, entonces usuarios de ese grupo pueden escalar a ser un administrador con un curl especialmente dise\u00f1ado. Ha sido corregido a\u00f1adiendo una comprobaci\u00f3n de los permisos de grupo antes de permitir que sea movido un grupo. Puntuaci\u00f3n CVSS del equipo de seguridad de CMS concreto: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCredit for discovery: \"Adrian Tiron de FORTBRIDGE ( https://www.fortbridge.co.uk/ ) \"Esta correcci\u00f3n tambi\u00e9n est\u00e1 en Concrete versi\u00f3n 9.0.0"}], "lastModified": "2024-11-21T05:51:02.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B7FD65C-EFA6-40A6-9698-FFEDD4846EE1", "versionEndExcluding": "8.5.7"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}