Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-

Concrete CMS allows unauthorized access because directories can be created with insecure permissions

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when a directory is created with permissions greater than 0755 or when the permissions argument is not specified.

Permalink: https://github.com/advisories/GHSA-m87h-jxr6-f82w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 6 months ago


Identifiers: GHSA-m87h-jxr6-f82w, CVE-2023-48648
References: Repository: https://github.com/concretecms/concretecms
Blast Radius: 0.0

Affected Packages

packagist:concrete5/concrete5
Dependent packages: 4
Dependent repositories: 7
Downloads: 2,058 total
Affected Version Ranges: >= 9.0.0, < 9.2.2, < 8.5.13
Fixed in: 9.2.2, 8.5.13
All affected versions: 8.0.1, 8.0.2, 8.0.3, 8.1.0, 8.2.0, 8.2.1, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.4.5, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.7, 8.5.8, 8.5.9, 8.5.10, 8.5.11, 8.5.12, 9.0.0, 9.0.1, 9.0.2, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0, 9.2.1
All unaffected versions: 8.5.13, 8.5.14, 8.5.15, 8.5.16, 8.5.99, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8