CVE-2021-22969 concrete5/core

Package

Manager: composer
Name: concrete5/core
Vulnerable Version: >=0 <8.5.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

EPSS: 0.00268 (percentile 0.5004)

Details

Server-Side Request Forgery in Concrete CMS

Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebinding attack, giving an attacker the ability to fetch cloud IaaS (e.g. AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer.
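The fix described above (reject local-network destinations, then connect to the address that was validated instead of resolving the name again) is shown here in Python as an added example. It is not Concrete CMS code, which is PHP. All function names, `ChangingResolver`, and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

def system_resolver(host, port):
    """Every address the OS resolver returns for host (one lookup)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_public(ip):
    """True only for globally routable addresses (no loopback, RFC 1918, link-local)."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    return (addr if mapped is None else mapped).is_global

def pin_target(url, resolver=system_resolver):
    """Resolve once, reject if any answer is non-public, return (ip, port, host)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("unsupported URL")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = resolver(parts.hostname, port)
    if not addrs or not all(is_public(a) for a in addrs):
        raise PermissionError("destination resolves to a non-public address")
    return addrs[0], port, parts.hostname

def open_pinned(url, resolver=system_resolver, timeout=5):
    """Connect to the validated IP itself; the hostname is used only for TLS and Host."""
    ip, port, host = pin_target(url, resolver)
    sock = socket.create_connection((ip, port), timeout=timeout)
    if urlsplit(url).scheme == "https":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    return sock, host  # caller sends "Host: <host>"; each redirect goes through pin_target again

def check_then_resolve_again(url, resolver):
    """Contrast case: validate one lookup, then look the name up again to connect."""
    host = urlsplit(url).hostname
    if not all(is_public(a) for a in resolver(host, 80)):
        raise PermissionError("blocked")
    return resolver(host, 80)[0]  # second lookup decides where the request goes

class ChangingResolver:
    """Constructed test double: first answer public, later answers link-local."""
    def __init__(self):
        self.calls = 0
    def __call__(self, host, port):
        self.calls += 1
        return ["93.184.216.34"] if self.calls == 1 else ["169.254.169.254"]
```

With `ChangingResolver`, the contrast function passes validation and then ends up at the link-local address, while `pin_target` performs a single lookup and returns the address it checked.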

Metadata

Created: 2021-11-23T18:18:35Z
Modified: 2021-11-22T18:30:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-mcxr-fx5f-96qq/GHSA-mcxr-fx5f-96qq.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-mcxr-fx5f-96qq
Finding: F100
Auto approve: 1