CVE-2021-22969

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes	Release Notes Vendor Advisory
https://hackerone.com/reports/1369312	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

History

23 Nov 2021, 13:35

Type	Values Removed	Values Added
References	~~(MISC) https://hackerone.com/reports/1369312 -~~	(MISC) https://hackerone.com/reports/1369312 - Permissions Required
References	~~(MISC) https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes -~~	(MISC) https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes - Release Notes, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 5.3
CPE		cpe:2.3:a:concretecms:concrete_cms::::::::
CWE		CWE-918

19 Nov 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-11-19 19:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-22969

Mitre link : CVE-2021-22969

CVE.ORG link : CVE-2021-22969

JSON object : View

Products Affected

concretecms

concrete_cms

CWE

CWE-918

Server-Side Request Forgery (SSRF)

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-22969

5.3^/10

5.0^/10

Attach tags to `CVE-2021-22969`