CVE-2021-22205 Scanner
Detects the Remote Code Execution (RCE) vulnerability CVE-2021-22205 in GitLab, which affects versions from 11.9 to 13.8.8, from 13.9 to 13.9.6, and from 13.10 to 13.10.3.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 768 sec
Scan only one: Domain, IPv4
Toolbox: -
GitLab is a web-based Git repository manager that provides a collaborative platform for software development. It offers a wide range of features, including issue tracking, continuous integration, and deployment. Developed by GitLab Inc., GitLab is designed to help teams work together on projects more effectively.
Recently, a vulnerability identified as CVE-2021-22205 was found in GitLab; it affects all versions starting from 11.9. The vulnerability arises because image files passed to a file parser are not properly validated, which results in remote command execution. An attacker can use this to execute arbitrary code on the GitLab server running the vulnerable code.
Exploitation of this vulnerability can compromise sensitive data stored in the GitLab platform, including user credentials, SSH keys, and confidential project information. Attackers can also use a compromised GitLab server as a launching pad for further attacks against other assets.
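The fastest defensive check for this issue is to compare the version a GitLab instance reports against the affected ranges listed above. The following is an added example written for this page, not part of the s4e.io scanner or of GitLab; it encodes only the ranges given here. It assumes (labelled in the code) that the upper bound of each range is the patched release, so 13.8.8, 13.9.6 and 13.10.3 are treated as fixed, and that GitLab reports versions in the form "MAJOR.MINOR.PATCH-edition" (e.g. "13.10.2-ee"), where the edition suffix is irrelevant to the comparison. The inventory at the bottom is constructed sample data.

```python
"""Triage helper for CVE-2021-22205 based on the affected version ranges.

Added example, not code from the page or from GitLab. The upper bound of
each range is treated as the patched release (exclusive), an assumption
made here and not stated verbatim on the page.
"""
import re
from typing import Iterable, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the page: (first affected, inclusive) .. (patched, exclusive).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((11, 9, 0), (13, 8, 8)),
    ((13, 9, 0), (13, 9, 6)),
    ((13, 10, 0), (13, 10, 3)),
]

# "13.10.2-ee", "13.9.5-ce", "13.10" are all accepted; the "-ee"/"-ce"
# edition suffix (assumed GitLab format) is ignored for comparison.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-.*)?$")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH][-suffix]' into a comparable tuple.

    A missing PATCH component is treated as 0. Unrecognised strings raise
    ValueError rather than silently comparing as 'not affected'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text: str) -> bool:
    """True if the version falls inside any affected range for CVE-2021-22205."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def affected_hosts(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose reported GitLab version is affected.

    Hosts with an unparseable version are reported too, so that a broken
    inventory entry never hides a vulnerable instance.
    """
    flagged = []
    for host, version_text in inventory:
        try:
            if is_affected(version_text):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown version: needs manual review
    return flagged


# Constructed sample inventory (hostname, version as GitLab would report it).
SAMPLE_INVENTORY = [
    ("git-prod.example", "13.10.2-ee"),     # inside 13.10 .. 13.10.3 -> affected
    ("git-staging.example", "13.10.3-ee"),  # patched release -> not affected
    ("git-legacy.example", "13.8.7-ce"),    # inside 11.9 .. 13.8.8 -> affected
    ("git-old.example", "11.8.9"),          # before 11.9 -> not affected
    ("git-unknown.example", "n/a"),         # unparseable -> flagged for review
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: review for CVE-2021-22205")
```

The version string normally comes from the instance's own version endpoint or package metadata; the exact retrieval method is outside what this page documents, so the example takes the string as input.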
At s4e.io, we provide comprehensive security solutions to help organizations protect their digital assets against vulnerabilities like CVE-2021-22205. With our pro features, users can quickly and easily learn about vulnerabilities in their systems and take action to secure them. Be proactive in your approach to security and protect your business from cyber threats with s4e.io.
REFERENCES
- http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
- http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/327121
- https://hackerone.com/reports/1154542