vulnerability
Gitlab: CVE-2021-22205: Unauthenticated Remote Code Execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2021-04-23 | 2021-11-04 | 2022-05-03 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2021-04-23
Added
2021-11-04
Modified
2022-05-03
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
This check requires the Metasploit Remote Check Service to be enabled on Scan Engines. Please see the Metasploit Remote Check Service documentation for instructions on how to enable this functionality.
Solution
gitlab-cve-2021-22205
References
- CVE-2021-22205
- https://attackerkb.com/topics/CVE-2021-22205
- URL-https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
- URL-https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
- URL-https://attackerkb.com/topics/D41jRUXCiJ/cve-2021-22205/rapid7-analysis
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.