Craft CMS CVE-2023-41892
This article is a bit older and might be outdated.
Update your Craft CMS 4 installation, if you have not for a while. There is a low-effort high-impact vulnerability out there.
# Affected Craft CMS versions
>= 4.0.0-RC1<= 4.4.14
# Actions we have been taking
As your friendly Craft CMS web-hosting service, we have identified affected Apps by automatically scanning the deployed composer.json file and informed attached Accounts about the vulnerability by email.
# Actions to be done by you
Dear web master, update your public Craft CMS 4 installation to at least version 4.4.15. The higher the better. The most current version as of this writing is 4.8. We recommend to update your local installation in your web development environment first and then deploy the latest version. Here is a guide how to best do that.
In addition, as recommended, best reset all passwords of your Craft CMS users, refresh the security key, reset the database password, reset all private details or secrets that might have been leaked.