Enhancement: cves/2021/CVE-2021-22214.yaml by mp

2022-06-27 12:28:50 -04:00 · 2022-06-27 12:28:50 -04:00 · 9af88a1ad5
parent f86141cbdd
commit 9af88a1ad5
1 changed files with 4 additions and 7 deletions
--- a/cves/2021/CVE-2021-22214.yaml
+++ b/cves/2021/CVE-2021-22214.yaml
@ -1,16 +1,11 @@
 id: CVE-2021-22214

 info:
-  name: Unauthenticated Gitlab SSRF - CI Lint API
+  name: Gitlab CE/EE 10.5- Server-Side Request Forgery
  author: Suman_Kar,GitLab Red Team
  severity: high
  description: |
-    When requests to the internal network for webhooks are enabled,
-    a server-side request forgery vulnerability in GitLab CE/EE affecting all
-    versions starting from 10.5 was possible to exploit for an unauthenticated
-    attacker even on a GitLab instance where registration is limited.
-    The same vulnerability actually spans multiple CVEs, due to similar reports
-    that were fixed across separate patches. These CVEs are:
+    GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:
    - CVE-2021-39935
    - CVE-2021-22214
    - CVE-2021-22175
@ -47,3 +42,5 @@ requests:
        part: body
        words:
          - "does not have valid YAML syntax"
+
+# Enhanced by mp on 2022/06/27