PT-2021-22774 · Gitlab · Gitlab Ce/Ee+1
Minhlion · Published 2021-06-17 · Updated 2026-02-11
CVE-2021-39935
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 10.5 through 14.3.5
GitLab CE/EE versions 14.4 through 14.4.3
GitLab CE/EE versions 14.5 through 14.5.1
Description
An issue has been discovered in GitLab CE/EE where unauthorized external users could perform server-side requests (SSRF) via the CI Lint API.
Recommendations
For versions 10.5 through 14.3.5, update to version 14.3.6 or later.
For versions 14.4 through 14.4.3, update to version 14.4.4 or later.
For versions 14.5 through 14.5.1, update to version 14.5.2 or later.
Fix
SSRF
Affected Products
Gitlab
Gitlab Ce/Ee