PT-2021-14914 · Gitlab · Gitlab Ce/Ee+1

Ledz1996

Published

2021-04-02

Updated

2024-03-06

CVE-2021-22203

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7.9 through 13.8.7 GitLab CE/EE versions 13.9 through 13.9.5 GitLab CE/EE versions 13.10 through 13.10.1

Description: An issue has been discovered in GitLab CE/EE where a specially crafted Wiki page allowed attackers to read arbitrary files on the server.

Recommendations: For versions 13.7.9 through 13.8.7, update to version 13.8.7 or later. For versions 13.9 through 13.9.5, update to version 13.9.5 or later. For versions 13.10 through 13.10.1, update to version 13.10.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BIT-GITLAB-2021-22203

CVE-2021-22203

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2021-14914 · Gitlab · Gitlab Ce/Ee+1

CVE-2021-22203

Related Identifiers

Affected Products

References · 10