How severe is CVE-2021-22951?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-22951?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2021-22951

HIGH Year: 2021

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-639

View all →

Vulnerability Description

Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise users.Credit for discovery: "Solar Security Research Team"Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis fix is also in Concrete version 9.0.0

CVE-2017-0922

HIGH

CVSS:7.5(High)

Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

CWE-6392017

CVE-2018-17449

HIGH

CVSS:7.5(High)

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comm...

CWE-6392018

CVE-2018-17455

HIGH

CVSS:7.5(High)

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settin...

CWE-6392018

CVE-2018-19584

HIGH

CVSS:7.5(High)

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, use...

CWE-6392018

CVE-2019-13337

HIGH

CVSS:7.5(High)

In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is ...

CWE-6392019

CVE-2019-13461

HIGH

CVSS:7.5(High)

In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web a...

CWE-6392019

CVE-2021-22951

Vulnerability Description

Related Vulnerabilities

CVE-2017-0922

CVE-2018-17449

CVE-2018-17455

CVE-2018-19584

CVE-2019-13337

CVE-2019-13461