## https://sploitus.com/exploit?id=7216751D-367F-5D68-BBFC-F5DF2584DEC5
* CVE-2021-22205
--------
** Description
- PoC for CVE-2021-22205: GitLab CE/EE unauthenticated remote code execution (RCE) vulnerability, PoC && EXP
- Created by antx on 2021-10-29.
--------
** Detail
- An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
--------
** CVE Severity
- attackComplexity: LOW
- attackVector: NETWORK
- availabilityImpact: HIGH
- confidentialityImpact: HIGH
- integrityImpact: HIGH
- privilegesRequired: NONE
- scope: CHANGED
- userInteraction: NONE
- version: 3.1
- baseScore: 10
- baseSeverity: CRITICAL
--------
** Affected versions
- Gitlab CE/EE < 13.10.3
- Gitlab CE/EE < 13.9.6
- Gitlab CE/EE < 13.8.8
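
The three bounds above apply per release branch, so a plain "less than 13.10.3" comparison would wrongly flag a patched 13.9.6 instance. The following version check for asset inventories is an added example, not part of the original PoC repository; it assumes the listed versions are the first fixed release of the 13.8, 13.9 and 13.10 branches and that older branches from 11.9 onward received no fix. The names =is_affected= and =parse_version= are hypothetical.

```python
import re

# Assumption: each version listed on the page is the first fixed release of
# its own minor branch (13.8.8, 13.9.6, 13.10.3).
FIRST_FIXED = {(13, 8): 8, (13, 9): 6, (13, 10): 3}
FIRST_AFFECTED = (11, 9)  # "all versions starting from 11.9"


def parse_version(text):
    """Parse 'X.Y.Z' (optionally 'vX.Y.Z' or with a '-ee'/'-ce' suffix)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version_text):
    """Return True if the version falls in the range the page describes."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return False  # predates the vulnerable code path
    if branch in FIRST_FIXED:
        return patch < FIRST_FIXED[branch]  # compare inside the branch only
    # Assumption: branches below 13.8 were never patched; branches above
    # 13.10 shipped with the fix already included.
    return branch < min(FIRST_FIXED)


if __name__ == "__main__":
    # Constructed inventory of version strings, not real hosts.
    inventory = ["11.8.9", "12.10.14-ee", "13.8.7", "13.9.6", "13.10.2", "14.0.0"]
    for version in inventory:
        state = "AFFECTED" if is_affected(version) else "ok"
        print(f"{version:<14}{state}")
```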
--------
** POC
- [[./CVE-2021-22205.py][Python-Poc]]
--------
** Reference
- POC
  - [[https://github.com/mr-r3bot/Gitlab-CVE-2021-22205][mr-r3bot/Gitlab-CVE-2021-22205]]
  - [[https://github.com/RedTeamWing/CVE-2021-22205][RedTeamWing/CVE-2021-22205]]
  - [[https://github.com/r0eXpeR/CVE-2021-22205][r0eXpeR/CVE-2021-22205]]
- Article
  - [[https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/][Gitlab-Security-Release]]
  - [[https://www.freebuf.com/news/303441.html][Half a year after the high-severity vulnerability was disclosed, more than half of GitLab servers remain unpatched]]
- CVE
  - [[https://github.com/CVEProject/cvelist/blob/master/2021/22xxx/CVE-2021-22205.json][CVE-2021-22205]]