Enhancement: cves/2021/CVE-2021-22214.yaml by mp
parent
f86141cbdd
commit
9af88a1ad5
|
@ -1,16 +1,11 @@
|
|||
id: CVE-2021-22214
|
||||
|
||||
info:
|
||||
name: Unauthenticated Gitlab SSRF - CI Lint API
|
||||
name: Gitlab CE/EE 10.5- Server-Side Request Forgery
|
||||
author: Suman_Kar,GitLab Red Team
|
||||
severity: high
|
||||
description: |
|
||||
When requests to the internal network for webhooks are enabled,
|
||||
a server-side request forgery vulnerability in GitLab CE/EE affecting all
|
||||
versions starting from 10.5 was possible to exploit for an unauthenticated
|
||||
attacker even on a GitLab instance where registration is limited.
|
||||
The same vulnerability actually spans multiple CVEs, due to similar reports
|
||||
that were fixed across separate patches. These CVEs are:
|
||||
GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:
|
||||
- CVE-2021-39935
|
||||
- CVE-2021-22214
|
||||
- CVE-2021-22175
|
||||
|
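Review bot: the reworded `name` and the single-line `description` in the `info:` block both lose the fact that this is reachable without authentication. The earlier text said "unauthenticated" in the name and "an unauthenticated attacker" in the description, and that is the detail a triager needs to rank the finding. Suggest keeping "unauthenticated" in the description sentence. In the name, "10.5-" can be read as "up to 10.5" while the description says "starting from 10.5", so an unambiguous form of the range would help, and the product is spelled "GitLab" everywhere else in the file. The old name also pointed at the CI Lint API, which told the reader which endpoint the template exercises; consider keeping that in either the name or the description.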
@ -47,3 +42,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "does not have valid YAML syntax"
|
||||
|
||||
# Enhanced by mp on 2022/06/27
|
||||
|
|
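Review bot: the trailing `# Enhanced by mp on 2022/06/27` comment at the end of the file repeats what the commit author and date already record, and it will be stale after the next edit to the template. Suggest dropping it and relying on the commit history. It also says nothing about what was enhanced; if a note in the file is wanted, one line stating that the name and description were reworded would be more useful than the author and date.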