External risk intelligence

Mura CMS Authentication Bypass Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2022-47003

Mura CMS is a web-based content management system. These systems are typically deployed as public-facing web applications to serve content to internet users, making their authentication interfaces and associated web request handlers commonly reachable from the public internet.

Authentication Bypass

Murasoftware Mura Cms

before 10.0.580

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A security flaw in Mura CMS's "Remember Me" function can allow unauthorized access to systems by bypassing authentication. This vulnerability, found in the content management software, could potentially expose or compromise data if exploited. The primary concern is to confirm if our organization uses this specific software and, if so, to what extent it may be exposed.

  • Authentication bypassed via web requests.
  • Affects public-facing content management systems.
  • Confirm relevance and assess potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit the Remember Me functionality in Mura CMS by sending a specially crafted web request. This could allow them to bypass the normal login process and gain unauthorized access to the system.

  • Attacker needs network access.
  • Triggered via a crafted web request.
  • Results in authentication bypass.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability in Mura CMS's "Remember Me" function could allow an unauthenticated attacker to bypass login controls. This could happen when the feature is present and a specially crafted web request is sent to the application.

  • Unauthorized access to system data.
  • Bypassing login via crafted web request.
  • Compromise of system functionality.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Mura CMS's Remember Me function likely falls under the purview of the application owner and potentially the platform or infrastructure teams responsible for its deployment. The first critical step is to identify all instances of Mura CMS, assess their exposure and business criticality, and then determine the accountable owner for remediation planning.

  • Application owners should investigate.
  • Verify all Mura CMS deployments.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Mura CMS?

Mura CMS is a content management system used to build and manage websites. It provides tools for teams to organize digital content and serves it to users. Because it is web-based software, it functions as the engine behind a site, handling user interactions and login sessions.

What does CWE-287 mean for CVE-2022-47003?

CWE-287 refers to Improper Authentication. In the context of CVE-2022-47003, it means the software fails to correctly verify the identity of a user attempting to access the system. Specifically, the "Remember Me" feature has a flaw that lets an attacker bypass the login screen entirely, granting them access without needing valid credentials.

How is this vulnerability triggered?

An attacker triggers this by sending a specially crafted web request to the server. The vulnerability relies on the application's "Remember Me" function logic being active. It is not triggered by standard, legitimate user actions, but rather by malformed requests designed to deceive the authentication process into accepting an unauthorized session.

Is my Mura CMS instance at risk?

If you host Mura CMS publicly, Halo Surface Signal notes that it is likely reachable from the internet. Since authentication interfaces are typically exposed to serve content, any instance running a version before 10.0.580 is considered relevant. You should prioritize checking internet-facing servers first, as they are the most accessible entry points for this type of request.

What should I do if I use Mura CMS?

Your first step is to create an inventory of all Mura CMS deployments within your environment to identify which versions are in use. Once identified, consult the official vendor documentation to locate and apply the update to version 10.0.580 or later. Ensure that any team responsible for application security is aware of these instances to coordinate the upgrade.

References