{"vulnerability": "CVE-2021-2296", "sightings": [{"uuid": "6c46cdb4-0441-46df-89f2-32cb1a70a6f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22961", "type": "seen", "source": "https://t.me/cibsecurity/30678", "content": "\u203c CVE-2021-22961 \u203c\n\nA code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T16:31:54.000000Z"}, {"uuid": "a31c0242-8c43-428c-9d9e-040d01df8b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22962", "type": "seen", "source": "https://t.me/arpsyndicate/2089", "content": "#ExploitObserverAlert\n\nCVE-2021-22962\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-22962. An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.", "creation_timestamp": "2023-12-23T05:45:10.000000Z"}, {"uuid": "1ad180d1-acf3-4f72-b36a-415eb2cd1f4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22968", "type": "seen", "source": "https://t.me/arpsyndicate/2649", "content": "#ExploitObserverAlert\n\nCVE-2021-22968\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-22968. A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration.To fix this, a check for allowed file extensions was added before downloading files to a tmp directory.Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:NThis fix is also in Concrete version 9.0.0\n\nFIRST-EPSS: 0.009040000\nNVD-IS: 5.9\nNVD-ES: 1.2", "creation_timestamp": "2024-01-08T14:40:16.000000Z"}, {"uuid": "823bb7e6-eddb-4ce0-97d0-01c1a328f237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22962", "type": "seen", "source": "https://t.me/ctinow/167705", "content": "https://ift.tt/VLrQq8C\nCVE-2021-22962 | Ivanti Avalanche 6.4.1 Request denial of service", "creation_timestamp": "2024-01-13T07:21:37.000000Z"}, {"uuid": "799b66ee-f0cd-415c-a65b-0835b042f3ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22966", "type": "seen", "source": "https://t.me/cibsecurity/32746", "content": "\u203c CVE-2021-22966 \u203c\n\nPrivilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted \"view\" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCredit for discovery: \"Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )\"This fix is also in Concrete version 9.0.0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:21.000000Z"}, {"uuid": "59ce0652-24c0-48ca-9652-e33f7b248a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22967", "type": "seen", "source": "https://t.me/cibsecurity/32741", "content": "\u203c CVE-2021-22967 \u203c\n\nIn Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in \"add / edit message\u00e2\u20ac\ufffd.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:15.000000Z"}, {"uuid": "fbc31f94-dd55-4043-890a-371310977f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22965", "type": "seen", "source": "https://t.me/cibsecurity/32738", "content": "\u203c CVE-2021-22965 \u203c\n\nA vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:11.000000Z"}, {"uuid": "598217b5-418e-4bf4-8a73-0797e678de80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22968", "type": "seen", "source": "https://t.me/cibsecurity/32736", "content": "\u203c CVE-2021-22968 \u203c\n\nA bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration.To fix this, a check for allowed file extensions was added before downloading files to a tmp directory.Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:NThis fix is also in Concrete version 9.0.0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:08.000000Z"}, {"uuid": "95986905-9c30-4065-ad3f-a89bd598e141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22969", "type": "seen", "source": "https://t.me/cibsecurity/32734", "content": "\u203c CVE-2021-22969 \u203c\n\nConcrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:06.000000Z"}, {"uuid": "15c4e73b-d72e-433b-8c7e-bf0ba963b8f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22960", "type": "seen", "source": "https://t.me/cibsecurity/31775", "content": "\u203c CVE-2021-22960 \u203c\n\nThe parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:25.000000Z"}, {"uuid": "fa18851f-2925-4203-ad5d-01c25273a27f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22963", "type": "seen", "source": "https://t.me/cibsecurity/30567", "content": "\u203c CVE-2021-22963 \u203c\n\nA redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:45.000000Z"}, {"uuid": "33e93b37-66c9-4ec6-abc9-9d950727e24f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22964", "type": "seen", "source": "https://t.me/cibsecurity/30571", "content": "\u203c CVE-2021-22964 \u203c\n\nA redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnerability is possible if the URL contains invalid characters `curl --path-as-is \"http://localhost:3000//^/..\"`The issue shows up on all the `fastify-static` applications that set `redirect: true` option. By default, it is `false`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:52.000000Z"}]}