VYPR
Moderate severityNVD Advisory· Published Nov 14, 2022· Updated Apr 30, 2025

CVE-2022-43687

CVE-2022-43687

Description

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
concrete5/concrete5Packagist
< 8.5.108.5.10
concrete5/concrete5Packagist
>= 9.0.0, < 9.1.39.1.3

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.