CVE-2021-22214
Description
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited
NVD
Severity: HIGH
CVE ID: CVE-2021-22214
CVSS Score: 8.6
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
GitLab Inc.
Severity: MEDIUM
CVE ID: CVE-2021-22214
CVSS Score: 6.8
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2021-22214
Refrence: Project Discovery GitHub
aaminin
Gitlab CI Lint API未授权 SSRF漏洞 (CVE-2021-22214)
Refrence: GitHub
Vulnmachines
Gitlab SSRF
Refrence: GitHub
antx-code
Gitlab CI Lint API未授权 SSRF漏洞 CVE-2021-22214
Refrence: GitHub
kh4sh3i
POC for CVE-2021-22214: Gitlab SSRF
Refrence: GitHub