Share
## https://sploitus.com/exploit?id=85061E4D-4D82-56B5-94E7-5C1DBD5DD52B
# CVE-2021-22205

This is the deployment for Gitlab Enterprise Edition (13.9.5) that is vulnerable to [CVE-2021-22205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205) using Docker container.

## Description:

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

## Requirement:

Required atleast 4 CPU, 8GB RAM and 160GB Storage if using Digital Ocean's droplet. (Monthly around $40 only)

## Setup:

```
docker-compose up --build -d 
```

## Volumes:

- ./config:/etc/gitlab
- ./logs:/var/log/gitlab
- ./data:/var/opt/gitlab

## References:

- https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205
- https://about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205