Enhancement: cves/2021/CVE-2021-22214.yaml by mp
parent
f86141cbdd
commit
9af88a1ad5
@ -1,16 +1,11 @@
|
||||||
id: CVE-2021-22214
|
id: CVE-2021-22214
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Unauthenticated Gitlab SSRF - CI Lint API
|
name: Gitlab CE/EE 10.5- Server-Side Request Forgery
|
||||||
author: Suman_Kar,GitLab Red Team
|
author: Suman_Kar,GitLab Red Team
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
When requests to the internal network for webhooks are enabled,
|
GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:
|
||||||
a server-side request forgery vulnerability in GitLab CE/EE affecting all
|
|
||||||
versions starting from 10.5 was possible to exploit for an unauthenticated
|
|
||||||
attacker even on a GitLab instance where registration is limited.
|
|
||||||
The same vulnerability actually spans multiple CVEs, due to similar reports
|
|
||||||
that were fixed across separate patches. These CVEs are:
|
|
||||||
- CVE-2021-39935
|
- CVE-2021-39935
|
||||||
- CVE-2021-22214
|
- CVE-2021-22214
|
||||||
- CVE-2021-22175
|
- CVE-2021-22175
|
||||||
|
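Review bot: the rewritten `name` and `description` in this hunk drop two facts the old text carried: that the SSRF is reachable by an unauthenticated attacker, and that the affected endpoint is the CI Lint API. "Gitlab CE/EE 10.5- Server-Side Request Forgery" also reads as "up to 10.5" while the description says "versions starting from 10.5"; consider something like `name: GitLab CE/EE >=10.5 - Unauthenticated Server-Side Request Forgery (CI Lint API)` and keeping "unauthenticated" in the description so the severity and the matcher context remain explainable from the metadata alone.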
@ -47,3 +42,5 @@ requests:
|
||||||
part: body
|
part: body
|
||||||
words:
|
words:
|
||||||
- "does not have valid YAML syntax"
|
- "does not have valid YAML syntax"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/06/27
|
||||||
|
|
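Review bot: the only functional change in this hunk is the trailing `# Enhanced by mp on 2022/06/27` comment after the `words:` matcher; attribution of this kind is already recorded by the commit itself (author and date in history), so unless the project convention requires an in-file marker, the comment adds nothing a reader of the template needs and the hunk could be dropped. If it is kept, make sure the file still ends with a single newline after the comment so YAML linters do not flag the end of file.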