CVE-2021-22175

CriticalKnown Exploited

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all…

GitLab·CWE-918·Published 2021-06-11

CVSS

9.8

EPSS

0.53

KEV

Yes

Exploits

cve.orgen

272 chars

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

NVDen

272 chars

NVDes

308 chars

Cuando se habilitan las peticiones a la red interna para los webhooks, una vulnerabilidad de tipo server-side request forgery en GitLab que afecta a todas las versiones desde 10.5, era posible explotar por un atacante no autenticado incluso en una instancia de GitLab en la que el registro está deshabilitado

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
3.1	Secondary	NVD	6.8	2.2	4.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N