Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-22969
• https://hackerone.com/reports/1369312
• https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes