{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T23:03:58.522","vulnerabilities":[{"cve":{"id":"CVE-2022-23655","sourceIdentifier":"security-advisories@github.com","published":"2022-02-24T00:15:07.507","lastModified":"2024-11-21T06:49:01.930","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation."},{"lang":"es","value":"Octobercms es una plataforma CMS auto-alojada basada en el framework PHP Laravel. Las versiones afectadas de OctoberCMS no comprueban las firmas del servidor de puerta de enlace. Como resultado, los servidores de puerta de enlace no autorizados pueden ser usados para exfiltrar las claves privadas de usuarios. Es recomendado a usuarios actualizar sus instalaciones a versión 474 o a versión v1.1.10. La única medida de mitigación conocida es aplicar manualmente el parche (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) que añade la comprobación de la firma del servidor"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.475","matchCriteriaId":"42D784EC-AC13-4AE2-83D8-39C4170BCB7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.11","matchCriteriaId":"F871AD37-852B-4C7A-AC65-B0FD3938534C"}]}]}],"references":[{"url":"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}