Concrete CMS versions 8.5.6 and below and version 9.0.0 allow SSRF attacks on private LAN servers, with a CVSS score of 3.5
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Prion | Server side request forgery (ssrf) | 19 Nov 2021 19:15 | – | prion |
OpenVAS | Concrete CMS 9.0.0 SSRF Vulnerability | 22 Nov 2021 00:00 | – | openvas |
OpenVAS | Concrete CMS < 8.5.7 Multiple Vulnerabilities | 22 Nov 2021 00:00 | – | openvas |
OSV | Server-Side Request Forgery in Concrete CMS | 23 Nov 2021 18:18 | – | osv |
CNVD | PortlandLabs Concrete Cms Code Problem Vulnerability | 23 Nov 2021 00:00 | – | cnvd |
Cvelist | CVE-2021-22970 | 19 Nov 2021 18:08 | – | cvelist |
NVD | CVE-2021-22970 | 19 Nov 2021 19:15 | – | nvd |
Hacker One | Concrete CMS: SSRF - pivoting in the private LAN | 10 Oct 2021 08:28 | – | hackerone |
Veracode | Server-Side Request Forgery (SSRF) | 24 Nov 2021 09:51 | – | veracode |
Github Security Blog | Server-Side Request Forgery in Concrete CMS | 23 Nov 2021 18:18 | – | github |
[
{
"product": "https://github.com/concrete5/concrete5",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected versions Concrete CMS (formerly concrete5) versions below 8.5.6 and 9.0.0. Fixed versions 9.0.1 and 8.5.7"
}
]
}
]