CVE-2021-22175
In short
When the instance setting that permits webhook requests to the local network was enabled, GitLab allowed an unauthenticated attacker to make the GitLab server issue requests to internal networks through webhooks, even on an instance where user registration was disabled. This affected all versions starting from 10.5 and could be used to reach internal systems or services that are not exposed to the internet.
Technical detail
A server-side request forgery (SSRF) vulnerability in GitLab's webhook functionality (CWE-918) let an attacker craft webhook targets pointing at internal network resources, so that GitLab itself made the request from inside the network. Exploitation required the instance-level option allowing webhook requests to the internal network to be enabled; no authentication was needed, and disabling user registration did not prevent it. The likely impact is reconnaissance of, or access to, internal services that are not directly reachable from the internet, which the CVSS vector below reflects as a confidentiality impact with a scope change.
Summary generated and translated by AI from the official description.
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled.
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
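The page does not describe the specific bypass GitLab fixed, and the script below is an added example rather than GitLab's own code. It illustrates the class of defence a webhook sender needs against SSRF of the kind summarised above: an outbound-URL check must be applied to the addresses the target hostname actually resolves to, not to the host string as written, and it must treat loopback, private, link-local and IPv4-mapped IPv6 addresses as internal. The `FAKE_DNS` resolver table, the sample URLs and the public address 93.184.216.34 are constructed so the script runs offline; `naive_is_internal` is a deliberately weak check included only for contrast.

```python
"""Outbound-URL check for a webhook dispatcher (illustrative, not GitLab's code).

Compares a naive string blocklist with a resolve-then-judge policy over
every address a hostname resolves to.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed resolver table so the example runs offline. 93.184.216.34 is
# used only as a stand-in for a public address; the other names deliberately
# resolve to internal ranges.
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "rebind.example.com": ["127.0.0.1"],        # public-looking name, loopback answer
    "localhost": ["127.0.0.1", "::1"],
}


def resolve(host):
    """Resolve via the constructed table; fall back to the system resolver."""
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def naive_is_internal(url):
    """Weak check: blocklist on the host string as written. Shown for contrast."""
    host = urlsplit(url).hostname or ""
    return host in ("localhost", "127.0.0.1") or host.startswith(("10.", "192.168."))


def resolved_addresses(host, resolver=resolve):
    """Turn a host into ipaddress objects: literal IPs, integer IPv4 spellings, or DNS."""
    if host.isdigit():                      # e.g. http://2130706433/ is 127.0.0.1
        try:
            return [ipaddress.ip_address(int(host))]
        except ValueError:
            return []
    try:
        return [ipaddress.ip_address(host)]  # urlsplit already strips [] from IPv6
    except ValueError:
        pass
    return [ipaddress.ip_address(a) for a in resolver(host)]


def is_blocked(addr):
    """Anything not globally routable is internal: loopback, RFC 1918, link-local, ..."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped             # ::ffff:127.0.0.1 is still loopback
    return not addr.is_global


def webhook_url_allowed(url, resolver=resolve):
    """Hardened check. Returns (allowed, reason); every resolved address must pass."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    addrs = resolved_addresses(host, resolver)
    if not addrs:
        return False, "unresolvable host"
    for addr in addrs:
        if is_blocked(addr):
            return False, f"{host} resolves to non-global address {addr}"
    return True, "ok"


# Constructed sample webhook targets.
SAMPLE_URLS = [
    "https://hooks.example.com/gitlab",
    "http://127.0.0.1:8080/admin",
    "http://2130706433/",
    "http://[::ffff:127.0.0.1]/",
    "http://169.254.169.254/latest/meta-data/",
    "http://rebind.example.com/",
    "ftp://hooks.example.com/",
]


def compare_checks(urls=SAMPLE_URLS):
    """Return {url: (naive_blocks, hardened_blocks)} to make the gap visible."""
    return {u: (naive_is_internal(u), not webhook_url_allowed(u)[0]) for u in urls}


if __name__ == "__main__":
    for url, (naive, hardened) in compare_checks().items():
        print(f"{url:45} naive_blocks={naive!s:5} hardened_blocks={hardened}")
```

Two practical points follow from the example. First, the verdict must be computed on the address the HTTP client actually connects to, since a hostname that resolves to a public address at check time and to an internal one at connect time defeats a separate pre-check; the safest pattern is to resolve once and connect to the vetted address. Second, on a GitLab instance the precondition in the official description corresponds to the admin-area option that allows webhook requests to the local network, which the Application settings API exposes as `allow_local_requests_from_web_hooks_and_services` (confirm the field name against your instance's API documentation); leave it disabled unless a specific internal endpoint is needed, and prefer an explicit allowlist for that endpoint over a blanket enable.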
Affected products
GitLab · GitLab