High severity8.8NVD Advisory· Published Nov 14, 2022· Updated Jun 17, 2026
CVE-2022-43693
CVE-2022-43693
Description
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
concrete5/concrete5Packagist | < 8.5.10 | 8.5.10 |
concrete5/concrete5Packagist | >= 9.0.0RC1, < 9.1.3 | 9.1.3 |
Affected products
2- Concrete CMS/Concrete CMSdescription
Patches
Vulnerability mechanics
References
7- github.com/concretecms/concretecms/releases/8.5.10nvdPatchRelease NotesThird Party AdvisoryWEB
- github.com/concretecms/concretecms/releases/9.1.3nvdPatchRelease NotesThird Party AdvisoryWEB
- documentation.concretecms.org/developers/introduction/version-history/8510-release-notesnvdRelease NotesVendor AdvisoryWEB
- documentation.concretecms.org/developers/introduction/version-history/913-release-notesnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-w8fp-3gwq-gxpwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-43693ghsaADVISORY
- www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31nvdVendor AdvisoryWEB
News mentions
0No linked articles in our index yet.