This is the deployment for Gitlab Enterprise Edition (13.9.5) that is vulnerable to CVE-2021-22205 using Docker container.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Required atleast 4 CPU, 8GB RAM and 160GB Storage if using Digital Ocean's droplet. (Monthly around $40 only)
docker-compose up --build -d
- ./config:/etc/gitlab
- ./logs:/var/log/gitlab
- ./data:/var/opt/gitlab
- https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205
- https://about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
Released under MIT by @ahmad4fifz.