4 matches found
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...
CVE-2021-22969
creationtimestamp| type| source ---|---|--- 2021-11-19 22:17:06+00:00| seen| https://t.me/cibsecurity/32734...
CVE-2021-22969
Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
CVE-2021-22969
Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...