Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-02-23T23:30:09
Updated: 2024-08-03T03:51:44.208Z
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23655
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-02-24T00:15:07.507
Modified: 2022-03-07T17:15:35.533
Link: CVE-2022-23655
Redhat
No data.