CVE-2023-28473: Authenication bypass

April 28, 2023 (updated May 1, 2023)

Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section.

References

concretecms.com/
github.com/advisories/GHSA-pj76-75cm-3552
nvd.nist.gov/vuln/detail/CVE-2023-28473
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20

Detect and mitigate CVE-2023-28473 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →