CyberSec.Space Logo
Back to CVE Browser

CVE-2021-22175

Known Exploited (CISA KEV)MEDIUM
6.8
CVSS Severity Score
EPSS Score26.5030%
EPSS Percentile98.13th
PublishedJun 11, 2021
Last ModifiedFeb 20, 2026

Vulnerability Description

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

Affected Platforms (CPE)

πŸ“¦
Gitlab

Gitlab

>= 10.5.0 and < 13.6.7
πŸ“¦
Gitlab

Gitlab

>= 10.5.0 and < 13.6.7
πŸ“¦
Gitlab

Gitlab

>= 13.7.0 and < 13.7.7
πŸ“¦
Gitlab

Gitlab

>= 13.7.0 and < 13.7.7
πŸ“¦
Gitlab

Gitlab

>= 13.8.0 and < 13.8.4
πŸ“¦
Gitlab

Gitlab

>= 13.8.0 and < 13.8.4

References & Advisories

πŸ”— https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json
πŸ”— https://gitlab.com/gitlab-org/gitlab/-/issues/294178
πŸ”— https://hackerone.com/reports/1059596
πŸ”— https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json
πŸ”— https://gitlab.com/gitlab-org/gitlab/-/issues/294178
πŸ”— https://hackerone.com/reports/1059596
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22175

Related Vulnerabilities

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2021-2220510.0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image f...

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....

CVE-2018-1884310.0

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSR...