CVE-2021-22175

Summary

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=10.5, <13.6.7affected
GitLabGitLab>=13.7, <13.7.7affected
GitLabGitLab>=13.8, <13.8.4affected

Weaknesses

  • Server-side request forgery (ssrf) in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References