CVE-2021-22178

Summary

An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.2, <13.6.7affected
GitLabGitLab>=13.7, <13.7.7affected
GitLabGitLab>=13.8, <13.8.4affected

Weaknesses

  • Server-side request forgery (ssrf) in GitLab

ADP Enrichment

CVE Program Container

Additional References

References