GHSA-mcxr-fx5f-96qq

Source

https://github.com/advisories/GHSA-mcxr-fx5f-96qq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-mcxr-fx5f-96qq/GHSA-mcxr-fx5f-96qq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mcxr-fx5f-96qq

Aliases

CVE-2021-22969

Published

2021-11-23T18:18:35Z

Modified

2024-12-02T05:44:30.408157Z

Summary

Server-Side Request Forgery in Concrete CMS

Details

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer.

Database specific

{
    "nvd_published_at": "2021-11-19T19:15:00Z",
    "cwe_ids": [
        "CWE-918"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-22T18:30:27Z"
}

References

Affected packages

Packagist / concrete5/core

Package

Name: concrete5/core
Purl: pkg:composer/concrete5/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.7

Affected versions

8.*

8.2.0RC2

8.2.0

8.2.1

8.3.0

8.3.1

8.3.2

8.4.0RC3

8.4.0RC4

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.5.0RC1

8.5.0RC2

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6RC1

8.5.6