PT-2021-4083 · Gitlab · Gitlab Ce/Ee+1

Published

2021-01-05

Updated

2026-06-16

CVE-2021-22214

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 10.5 and later

Description A server-side request forgery vulnerability in GitLab CE/EE allows an unauthenticated attacker to exploit the issue when requests to the internal network for webhooks are enabled. This vulnerability is related to insufficient validation of incoming requests and can be exploited by a remote attacker to gain access to confidential data.

Recommendations For versions 10.5 and later, consider disabling the webhook functionality until a patch is available to prevent exploitation of the server-side request forgery vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

BDU:2021-04661

BIT-GITLAB-2021-22214

CVE-2021-22214

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2021-4083 · Gitlab · Gitlab Ce/Ee+1

CVE-2021-22214

Weakness Enumeration

Related Identifiers

Affected Products

References · 21