CVE-2021-22969

MEDIUM

5.3

Description

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0

Details CVE

Score CVSS v3.15.3

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie11/19/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

concretecms:concrete_cms

Faiblesses (CWE)

CWE-918CWE-918

References

https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes(support@hackerone.com)

https://hackerone.com/reports/1369312(support@hackerone.com)

https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes(af854a3a-2127-422b-91ae-364da2661108)

https://hackerone.com/reports/1369312(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.