PT-2021-22740 · Gitlab · Gitlab Ce/Ee+1
Published
2021-10-05
·
Updated
2024-03-06
·
CVE-2021-39894
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 8.0 and later
Description:
A DNS rebinding vulnerability exists in the Fogbugz importer. The importer validates the address a user-supplied hostname resolves to, but the name is resolved again when the request is actually made, so an attacker-controlled DNS server can answer the first lookup with a harmless public address and the second with an internal one. An authenticated attacker can use this to perform Server-Side Request Forgery (SSRF) against hosts on the GitLab server's internal network. This issue affects all versions of GitLab CE/EE since version 8.0.
Recommendations:
Update GitLab CE/EE to a release that fixes CVE-2021-39894. Until the patched release is deployed, disable the Fogbugz importer (Admin Area > Settings > General > Visibility and access controls > Import sources) so the vulnerable code path cannot be reached, and restrict which users may run the importer; exploitation requires an authenticated account (CVSS Au:S). Note that blocking private IP ranges at URL-validation time alone does not close a rebinding hole, because the attacker's DNS answers differently on the lookup that precedes the real connection.
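The rebinding mechanism and its fix, as an added Ruby example (GitLab is a Ruby application, but this is illustrative code, not GitLab's importer and not part of this advisory). `RebindingResolver` is a constructed stand-in for an attacker's authoritative DNS server, `attacker.example` and `203.0.113.10` are made-up names and addresses, and `naive_target` / `pinned_target` are hypothetical helpers. The naive pattern validates the resolved address and then lets the HTTP client resolve the name a second time; the hardened pattern resolves once, validates that address, and connects to the literal IP while keeping the original hostname for the Host header.

```ruby
require 'ipaddr'
require 'resolv'
require 'uri'

# Destinations an importer must never reach: loopback, RFC 1918, link-local
# (includes the 169.254.169.254 cloud metadata endpoint), CGNAT, and the IPv6
# analogues. Extend to taste; this is a reasonable default, not an exhaustive list.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_address?(ip)
  addr = IPAddr.new(ip.to_s)
  # IPv4-mapped IPv6 such as ::ffff:127.0.0.1 must be judged as its IPv4 form,
  # otherwise it slips past the IPv4 ranges above.
  addr = addr.native if addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

def ip_literal?(hostname)
  IPAddr.new(hostname)
  true
rescue IPAddr::InvalidAddressError
  false
end

# Constructed mock of an attacker-controlled DNS server (a real caller would pass
# Resolv): the first query gets a public address so a pre-check passes, every later
# query gets an internal address. A TTL of 0 makes real resolvers behave this way.
class RebindingResolver
  attr_reader :queries

  def initialize(answers)
    @answers = answers
    @queries = 0
  end

  def getaddress(_hostname)
    answer = @answers[[@queries, @answers.size - 1].min]
    @queries += 1
    answer
  end
end

# Vulnerable pattern: check the address the name resolves to, then hand the URL to an
# HTTP client that resolves it *again*. Returns the address actually connected to.
def naive_target(url, resolver = Resolv)
  hostname = URI.parse(url).hostname
  checked = resolver.getaddress(hostname)
  raise SecurityError, "blocked address #{checked}" if blocked_address?(checked)
  resolver.getaddress(hostname) # the HTTP client's own lookup: attacker now answers 127.0.0.1
end

# Hardened pattern: resolve exactly once, validate that address, and connect to the
# literal IP. The hostname is kept only for the Host header / TLS server name.
def pinned_target(url, resolver = Resolv)
  uri = URI.parse(url)
  raise ArgumentError, 'only http(s) URLs may be imported' unless %w[http https].include?(uri.scheme)
  hostname = uri.hostname
  # IP-literal URLs need no DNS at all; validate them directly.
  ip = ip_literal?(hostname) ? hostname : resolver.getaddress(hostname)
  raise SecurityError, "blocked address #{ip}" if blocked_address?(ip)
  { connect_ip: ip.to_s, host_header: uri.host, port: uri.port }
end

if $PROGRAM_NAME == __FILE__
  dns = RebindingResolver.new(%w[203.0.113.10 127.0.0.1])
  puts "naive connects to:  #{naive_target('http://attacker.example/api', dns)}"
  dns = RebindingResolver.new(%w[203.0.113.10 127.0.0.1])
  puts "pinned connects to: #{pinned_target('http://attacker.example/api', dns)[:connect_ip]}"
end
```

With the returned `connect_ip`, `Net::HTTP.new(host_header, port)` followed by `http.ipaddr = connect_ip` (Ruby 2.5 and later) opens the socket to the validated address while still sending the original hostname and verifying the certificate against it. Any redirect the target returns must go through `pinned_target` again, since a 302 to an internal URL is the other common way around a one-time check.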
Tags: Fix · SSRF
Affected Products
Gitlab
Gitlab Ce/Ee