GHSA-GFHP-JGP6-838J

Vulnerability from github – Published: 2022-09-30 04:54 – Updated: 2022-11-01 12:56
VLAI?
Summary
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Details

Impact

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site.

Patches

Patched in C1 CMS v6.13

Workarounds

Upgrade to C1 CMS v6.13 or newer is required

Credit

This issue was discovered and reported by Markus Wulftange / Code White GmbH.

Severity ?
9.0 (Critical)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CompositeC1.Core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-30T04:54:06Z",
    "nvd_published_at": "2022-09-27T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. \nAuthentication is required to exploit this vulnerability.\nThe authenticated user may perform the actions unknowingly by visiting a specially crafted site.\n\n### Patches\nPatched in C1 CMS v6.13\n\n### Workarounds\nUpgrade to C1 CMS v6.13 or newer is required\n\n### Credit\nThis issue was discovered and reported by Markus Wulftange  / [Code White GmbH](https://code-white.com/en/).\n",
  "id": "GHSA-gfhp-jgp6-838j",
  "modified": "2022-11-01T12:56:34Z",
  "published": "2022-09-30T04:54:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-gfhp-jgp6-838j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39256"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Orckestra/C1-CMS-Foundation/pull/814"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Orckestra/C1-CMS-Foundation/commit/af856ab5a62d19acf6aea1b1f4c6c3c4985c9446"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Orckestra/C1-CMS-Foundation"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Orckestra C1 CMS\u0027s deserialization of untrusted data allows for arbitrary code execution."
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.