CVE-2021-22175

2021-06-1115:30:12

GitLab

www.cve.org

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9.6

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

CNA Affected

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=10.5, <13.6.7"
      },
      {
        "status": "affected",
        "version": ">=13.7, <13.7.7"
      },
      {
        "status": "affected",
        "version": ">=13.8, <13.8.4"
      }
    ]
  }
]