vulnerability
Gitlab: CVE-2021-22205: Unauthenticated Remote Code Execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Apr 23, 2021 | Nov 4, 2021 | May 3, 2022 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Apr 23, 2021
Added
Nov 4, 2021
Modified
May 3, 2022
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
This check requires the Metasploit Remote Check Service to be enabled on Scan Engines. Please see the Metasploit Remote Check Service documentation for instructions on how to enable this functionality.
Solution
gitlab-cve-2021-22205
References
- CVE-2021-22205
- https://attackerkb.com/topics/CVE-2021-22205
- https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
- https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
- https://attackerkb.com/topics/D41jRUXCiJ/cve-2021-22205/rapid7-analysis
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.