CVE-2021-22969

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22969
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22969.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22969
Aliases
Published
2021-11-19T19:15:08.507Z
Modified
2026-04-10T04:30:17.287332Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0

References

Affected packages

Git / github.com/concretecms/concretecms

Affected ranges

Type
GIT
Repo
https://github.com/concretecms/concretecms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
96a2e7293f2168be9e3530fdfd551ea6005bd19a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.5.7"
        }
    ]
}

Affected versions

5.*
5.7.0
5.7.0.1
5.7.0.3
5.7.0.4
5.7.1
5.7.2
5.7.2.1
5.7.3
5.7.3.1
5.7.4.1
5.7.5.2
5.7.5.5
5.7.5.6
5.7.5.7
8.*
8.1.0
8.2.0
8.2.0RC2
8.2.1
8.3.1
8.4.1
8.5.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22969.json"