CVE-2021-22970
CVSS V2 Medium 5
CVSS V3 High 7.5
Description
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SSRF Mitigation Bypass through DNS RebindingConcrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:NConcrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes.This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) and Bipul Jaiswal
Overview
- CVE ID
- CVE-2021-22970
- Assigner
- support@hackerone.com
- Vulnerability Status
- Analyzed
- Published Version
- 2021-11-19T19:15:08
- Last Modified Date
- 2021-11-23T13:36:22
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:* | 1 | OR | 8.5.6 | |
| cpe:2.3:a:concretecms:concrete_cms:9.0:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://hackerone.com/reports/1364797 | Permissions Required |
| https://documentation.concretecms.org/developers/introduction/version-history/901-release-notes | Release Notes Vendor Advisory |
| https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes | Release Notes Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-22970 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22970 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 06:45:20 | Added to TrackCVE | |||
| 2022-12-05 14:55:59 | cve-assignments@hackerone.com | support@hackerone.com | CVE Assigner | updated |
| 2022-12-05 14:55:59 | 2021-11-19T19:15Z | 2021-11-19T19:15:08 | CVE Published Date | updated |
| 2022-12-05 14:55:59 | 2021-11-23T13:36:22 | CVE Modified Date | updated | |
| 2022-12-05 14:55:59 | Analyzed | Vulnerability Status | updated |