{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "8.5.10" }, { "introduced": "9.0.0" }, { "last_affected": "9.1.2" } ] }, "events": [ { "introduced": "0" }, { "fixed": "8092fdf02a80ff32d16c0a6642c9426a5a07a313" }, { "introduced": "b3774abddd475b4ba98b637402506f7a5ebd90ea" }, { "last_affected": "4b2d3e72ad8ba2c0a45109f600b447f90a16df8d" } ], "repo": "https://github.com/concretecms/concretecms", "type": "GIT" } ] } ], "details": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production.", "id": "CVE-2022-43691", "modified": "2026-03-15T21:44:53.810992613Z", "published": "2022-11-14T23:15:12.650Z", "references": [ { "type": "ADVISORY", "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes" }, { "type": "ADVISORY", "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes" }, { "type": "ADVISORY", "url": "https://github.com/concretecms/concretecms/releases/8.5.10" }, { "type": "ADVISORY", "url": "https://github.com/concretecms/concretecms/releases/9.1.3" }, { "type": "ADVISORY", "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }