CVE-2022-30117 - OpenCVE

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Concretecms	Concrete Cms

Configuration 1 [-]

OR	cpe:2.3:a:concretecms:concrete_cms::::::::
	cpe:2.3:a:concretecms:concrete_cms::::::::

No data.

References

Link	Providers
https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes
https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes
https://hackerone.com/reports/1482280

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2022-06-24T14:59:59

Updated: 2024-08-03T06:40:47.569Z

Reserved: 2022-05-02T00:00:00

Link: CVE-2022-30117

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-24T15:15:10.863

Modified: 2022-07-05T18:05:54.507

Link: CVE-2022-30117

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "https://github.com/concrete5/concrete5", "vendor": "n/a", "versions": [{"status": "affected", "version": "Remediated in Concrete CMS 8.5.8 and 9.1.0. Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2"}]}], "descriptions": [{"lang": "en", "value": "Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn\u2019t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Path Traversal (CWE-22)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T14:59:59", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1482280"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2022-30117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/concrete5/concrete5", "version": {"version_data": [{"version_value": "Remediated in Concrete CMS 8.5.8 and 9.1.0. Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn\u2019t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Path Traversal (CWE-22)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/1482280", "refsource": "MISC", "url": "https://hackerone.com/reports/1482280"}, {"name": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes", "refsource": "MISC", "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"name": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes", "refsource": "MISC", "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:40:47.569Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1482280"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-30117", "datePublished": "2022-06-24T14:59:59", "dateReserved": "2022-05-02T00:00:00", "dateUpdated": "2024-08-03T06:40:47.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "D821B974-A48F-4925-B849-55AC51A0BE0A", "versionEndExcluding": "8.5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6E5829D-AFD1-4C1B-9E53-400D09956577", "versionEndExcluding": "9.1.0", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn\u2019t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting."}, {"lang": "es", "value": "Concrete versiones 8.5.7 y anteriores, as\u00ed como Concrete versiones 9.0 hasta 9.0.2, permiten un salto en el archivo /index.php/ccm/system/file/upload, lo que podr\u00eda resultar en una explotaci\u00f3n de eliminaci\u00f3n de archivos arbitrarios. Esto fue mitigado al sanear /index.php/ccm/system/file/upload para asegurar que Concrete no permita el salto y cambiando isFullChunkFilePresent para que tenga un retorno falso temprano cuando la entrada no coincida con las expectativas. El equipo de seguridad de Concrete CMS clasific\u00f3 esto 5.8 con vector CVSS v3.1 AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Cr\u00e9dito a Siebene por reportar"}], "id": "CVE-2022-30117", "lastModified": "2022-07-05T18:05:54.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-24T15:15:10.863", "references": [{"source": "support@hackerone.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}, {"source": "support@hackerone.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"source": "support@hackerone.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1482280"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "support@hackerone.com", "type": "Secondary"}]}