Lucene search
HackeroneCVELIST:CVE-2021-22958HistoryOct 07, 2021 - 1:35 p.m.
CVE-2021-22958
2021-10-0713:35:02
CWE-918
hackerone
www.cve.org
4
server-side request forgery
concrete5
decimal notation
ip address
localhost
local services
vulnerability
cve-2021-22958
cvssv2.0
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
CNA Affected
[
{
"product": "https://github.com/concrete5/concrete5",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 8.5.5"
}
]
}
]Related
hackerone
hackerone
Concrete CMS: SSRF bypass
2020-04-30 13:38:41
osv
osv
Server-Side Request Forgery vulnerability in concrete5
2021-10-12 18:41:59
veracode
veracode
Server-side Request Forgery (SSRF)
2021-10-08 06:19:52
cve
cve
CVE-2021-22958
2021-10-07 14:15:08
nvd
nvd
CVE-2021-22958
2021-10-07 14:15:08
prion
prion
Server side request forgery (ssrf)
2021-10-07 14:15:00
cnvd
cnvd
Portlandlabs Concrete5 server-side request forgery vulnerability
2021-10-10 00:00:00
github
github
Server-Side Request Forgery vulnerability in concrete5
2021-10-12 18:41:59
openvas
openvas
Concrete CMS < 8.5.5 Multiple Vulnerabilities
2021-03-29 00:00:00