Fixing security issue CVE-2023-28473

Issue CVE-2023-28473 Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section

This has been flagged by a client on a v8 site.
It’s been addresses in v9, but is there a v8 fix somewhere we can apply?

Is this a real threat, or just one of those obscure security glitches that is not exploitable in the real world? ie, in order to bypass permissions when running a job, a user need to be a site admin or have CLI access anyway.

Not sure, but mentioned here:

And here:

That boils down to (scores /10)
CVSS Base Score:
Impact Subscore:
Exploitability Subscore:

My reading is that for most sites (protected host login, single host admin, no granting of job permissions beyond administrators) that it can’t be exploited.

The 0.7/10 would be because it is conceivable that an administrator could run a job that internally does something a super-admin could do. Or that someone with host CLI access could run a job through the CLI without any site admin access.

I see, thanks for the detail on that.
So in our case it would definitely agree with what you are saying.