Exploit for Server-Side Request Forgery in Gitlab CVE-2021-22214

## https://sploitus.com/exploit?id=5BE6489F-BE55-5998-8116-E8A72B600191
* CVE-2021-22214
--------
** Description
    - POC for CVE-2021-22214: Gitlab CI Lint API未授权 SSRF漏洞
    - create by antx at 2021-11-01.
--------
** Detail
    - When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
--------
** CVE Severity
    - attackComplexity: HIGH
    - attackVector: NETWORK
    - availabilityImpact: NONE
    - confidentialityImpact: HIGH
    - integrityImpact: NONE
    - privilegesRequired: NONE
    - scope: CHANGED
    - userInteraction: NONE
    - version: 3.1
    - baseScore: 6.7
    - baseSeverity: MEDIUM
--------
** Affect
    - Gitlab >=10.5, <13.10.5
    - Gitlab >=13.11, <13.11.5
    - Gitlab >=13.12, <13.12.2
--------
** POC
    - [[./CVE-2021-22214.py][Python-Poc]]
--------
** Reference
    - POC
        - [[https://github.com/r0ckysec/CVE-2021-22214][r0ckysec/CVE-2021-22214]]
    - CVE
        - [[https://github.com/CVEProject/cvelist/blob/master/2021/22xxx/CVE-2021-22214.json][CVE-2021-22214]]