- POC for CVE-2021-22214: GitLab CI Lint API unauthenticated SSRF vulnerability
- Created by antx on 2021-11-01.
- When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE, affecting all versions starting from 10.5, could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is limited.
- attackComplexity: HIGH
- attackVector: NETWORK
- availabilityImpact: NONE
- confidentialityImpact: HIGH
- integrityImpact: NONE
- privilegesRequired: NONE
- scope: CHANGED
- userInteraction: NONE
- version: 3.1
- baseScore: 6.7
- baseSeverity: MEDIUM
- GitLab >=10.5, <13.10.5
- GitLab >=13.11, <13.11.5
- GitLab >=13.12, <13.12.2
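
For triage, the affected ranges and the webhook precondition above can be checked against an inventory of instances. This is an added example, not part of the original POC. It assumes each instance's version and application settings are available as JSON, and that the settings key `allow_local_requests_from_web_hooks_and_services` corresponds to the "requests to the internal network for webhooks" switch in the description. The host names and sample responses are constructed.

```python
import json
import re

# Affected ranges as listed on this page: inclusive lower bound, exclusive upper bound.
AFFECTED = [
    ((10, 5, 0), (13, 10, 5)),
    ((13, 11, 0), (13, 11, 5)),
    ((13, 12, 0), (13, 12, 2)),
]
# Assumption: this application-settings key is the "requests to the internal
# network for webhooks" switch named in the description.
LOCAL_REQUESTS_KEY = "allow_local_requests_from_web_hooks_and_services"


def parse_version(raw):
    """Turn '13.10.4-ee' or '13.12' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", raw)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    return tuple(int(part or 0) for part in m.groups())


def in_affected_range(raw):
    """True when the version falls inside any range listed on this page."""
    v = parse_version(raw)
    return any(lo <= v < hi for lo, hi in AFFECTED)


def assess(version_json, settings_json):
    """Classify one instance from its version and application-settings JSON."""
    version = json.loads(version_json)["version"]
    settings = json.loads(settings_json)
    if not in_affected_range(version):
        return "not-affected"
    # A missing key is treated as disabled.
    return "exposed" if settings.get(LOCAL_REQUESTS_KEY) is True else "affected-version"


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real instance.
    samples = {
        "gitlab-a": ('{"version": "13.10.4-ee"}', '{"%s": true}' % LOCAL_REQUESTS_KEY),
        "gitlab-b": ('{"version": "13.11.2"}', '{"%s": false}' % LOCAL_REQUESTS_KEY),
        "gitlab-c": ('{"version": "13.12.2-ee"}', '{"%s": true}' % LOCAL_REQUESTS_KEY),
    }
    for host, (ver, cfg) in samples.items():
        print(host, assess(ver, cfg))
```

An instance reported as `affected-version` still needs the upgrade; the label only records that the precondition named in the description is currently off.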