Unknown · Concrete Cms · CVE-2021-22969
**Name of the Vulnerable Software and Affected Versions**
Concrete CMS versions below 8.5.7
Concrete CMS version 9.0.0 is not affected as it includes the fix.
**Description**
The issue is an SSRF mitigation bypass using a DNS rebinding attack, which allows an attacker to fetch cloud IaaS IAM keys from the instance metadata service (IMDS). To address this, Concrete CMS no longer allows downloads from the local network and connects to the validated IP when downloading, rather than letting the download re-resolve the hostname via DNS. A mitigation for this issue is to ensure IMDS configurations follow the cloud provider's best practices.
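The lookup race behind the fix, as an added Python example (not Concrete CMS code, which is PHP): the unfixed pattern validates one DNS answer and then lets the HTTP client resolve the name again, while the fixed pattern resolves once and connects to the validated IP. The hostname, the answer sequence and the injectable `resolver` argument are constructed for illustration.

```python
import http.client
import ipaddress
import socket
from urllib.parse import urlsplit

METADATA_IP = "169.254.169.254"  # IMDS address used by most IaaS providers


def is_disallowed(ip: str) -> bool:
    """Reject anything a server-side fetcher must never reach: loopback,
    RFC 1918, link-local (which covers the IMDS address) and IPv4-mapped
    IPv6 forms of those. ipaddress reports is_global False for all of them."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not addr.is_global


def naive_target(url: str, resolver=socket.gethostbyname) -> str:
    """Vulnerable pattern: check one lookup, then hand the hostname to the
    HTTP client, which performs a second lookup the check never saw."""
    host = urlsplit(url).hostname
    if is_disallowed(resolver(host)):
        raise ValueError("blocked: " + host)
    return resolver(host)  # the address the client would actually connect to


def pinned_target(url: str, resolver=socket.gethostbyname) -> tuple:
    """Fixed pattern: resolve exactly once, validate that address and return
    it, so the connection is made to the IP rather than to the name."""
    parts = urlsplit(url)
    ip = resolver(parts.hostname)
    if is_disallowed(ip):
        raise ValueError("blocked: %s -> %s" % (parts.hostname, ip))
    return ip, parts.hostname, parts.path or "/"


def fetch_pinned(url: str, resolver=socket.gethostbyname, timeout=5):
    """Plain-HTTP fetch over the validated IP; the Host header keeps virtual
    hosting working. For HTTPS wrap the socket with server_hostname=host, and
    disable redirects or re-run pinned_target on every hop."""
    ip, host, path = pinned_target(url, resolver)
    port = urlsplit(url).port or 80
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    conn.request("GET", path, headers={"Host": host})
    return conn.getresponse()


def rebinding_resolver(answers):
    """Constructed resolver simulating a rebinding name: a public address on
    the first lookup, the IMDS address on the next (a short TTL in the wild)."""
    it = iter(answers)
    return lambda host: next(it)
```

Calling `naive_target` with `rebinding_resolver(["93.184.216.34", METADATA_IP])` passes the check yet yields the IMDS address as the connect target; `pinned_target` with the same sequence returns the public address it validated.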
**Recommendations**
For Concrete CMS versions below 8.5.7, update to version 8.5.7 or later to fix the issue.
For users who cannot update immediately, apply the mitigation by ensuring IMDS configurations follow the cloud provider's best practices.
As a temporary workaround, restrict downloads from the local network and connect to the validated IP address when downloading, to minimize the risk of exploitation.