Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
2022-11-14T23:15:11.993
2025-04-30T16:15:28.590
Modified
CVSSv3.1: 5.4 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | concretecms | concrete_cms | < 8.5.10 | Yes |
| Application | concretecms | concrete_cms | ≤ 9.1.2 | Yes |