
ZZ-SOCMAP/CVE-2021-22214


CVE-2021-22214


Description

  • POC for CVE-2021-22214: GitLab CI Lint API unauthenticated SSRF vulnerability
  • Created by antx on 2021-11-01.

Detail

  • When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.

CVE Severity

  • attackComplexity: HIGH
  • attackVector: NETWORK
  • availabilityImpact: NONE
  • confidentialityImpact: HIGH
  • integrityImpact: NONE
  • privilegesRequired: NONE
  • scope: CHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 6.7
  • baseSeverity: MEDIUM

Affected versions

  • GitLab >=10.5, <13.10.5
  • GitLab >=13.11, <13.11.5
  • GitLab >=13.12, <13.12.2
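
For triaging an inventory against the ranges above, a version check can look like the following. This is an added example, not code from this repository; the function names, host names and sample versions are assumptions made for illustration.

```python
import re

# Ranges copied from the list above: (first affected, first unaffected).
AFFECTED = [((10, 5, 0), (13, 10, 5)),
            ((13, 11, 0), (13, 11, 5)),
            ((13, 12, 0), (13, 12, 2))]

_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Turn '13.10.4-ee', 'v13.11.2' or '12.8' into (major, minor, patch)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def first_unaffected(text):
    """Upper bound of the matching affected range, or None if not affected."""
    version = parse_version(text)
    for low, high in AFFECTED:
        if low <= version < high:
            return ".".join(map(str, high))
    return None

def triage(inventory):
    """Map each host in a {host: version} inventory to a verdict string."""
    report = {}
    for host, version in inventory.items():
        try:
            target = first_unaffected(version)
        except ValueError:
            report[host] = "unknown version, check manually"
            continue
        report[host] = (f"affected, upgrade to >= {target}" if target
                        else "not in affected range")
    return report

if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = {"gitlab-a.example": "13.10.4-ee",
              "gitlab-b.example": "13.10.5",
              "gitlab-c.example": "v13.12.1",
              "gitlab-d.example": "unreadable"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Version 13.10.5 and later 13.10.x releases fall in the gap between the first and second range and are reported as not affected, which matches the list.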

POC


Reference
