PT-2021-22714 · Gitlab · Gitlab Ce/Ee+1
Published: 2021-10-05 · Updated: 2024-03-06 · CVE-2021-39867
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 8.15 and later
Description:
A DNS rebinding vulnerability in the Gitea Importer may be exploited by an attacker to trigger Server-Side Request Forgery (SSRF) attacks. This issue potentially allows an attacker to access internal services or sensitive information.
Recommendations:
For GitLab CE/EE versions 8.15 and later, update to a version that includes the fix for the DNS rebinding vulnerability in the Gitea Importer.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SSRF
Affected Products
Gitlab
Gitlab Ce/Ee