CVE-2022-0425

Summary

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=7.9, <14.5.4affected
GitLabGitLab>=14.6, <14.6.4affected
GitLabGitLab>=14.7, <14.7.1affected

Weaknesses

  • Server-side request forgery (ssrf) in GitLab

ADP Enrichment

CVE Program Container

Additional References

References