CVE-2021-22214 Scanner
Detects the 'Server-Side Request Forgery (SSRF)' vulnerability in GitLab, which affects versions from 10.5 to 13.10.5, from 13.11 to 13.11.5, and from 13.12 to 13.12.2.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
GitLab is a web-based Git repository manager that is used for version control, source code management, and continuous integration and delivery. It enables developers to collaborate on code, track bugs, and monitor performance, all from a single platform.
A critical vulnerability, CVE-2021-22214, has been detected in GitLab CE/EE that affects all versions starting from 10.5. It allows an unauthenticated attacker, even on a GitLab instance where registration is limited, to exploit a server-side request forgery vulnerability when webhook requests to the internal network are enabled.
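For asset owners who keep an inventory of GitLab versions, the affected ranges listed above can be checked offline. This is an added example, not code from the scanner or from GitLab; the function names and the sample inventory are constructed, and it assumes each range's upper bound is the first fixed release and is therefore excluded.

```python
import re

# Affected ranges as listed on this page: (first affected, upper bound).
# Assumption: each upper bound is the first fixed release, so it is excluded.
AFFECTED_RANGES = [
    ((10, 5, 0), (13, 10, 5)),
    ((13, 11, 0), (13, 11, 5)),
    ((13, 12, 0), (13, 12, 2)),
]

# Accepts an optional leading "v", an optional patch number, and an
# edition or build suffix such as "-ee" or "+build".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+.].*)?$")


def parse_version(text):
    """Parse '13.10.4', 'v13.11' or '13.12.1-ee' into (major, minor, patch)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def check_version(text):
    """Return (affected, fixed_in); fixed_in is None when not affected."""
    version = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return True, ".".join(map(str, first_fixed))
    return False, None


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    inventory = {
        "gitlab-a.example": "13.10.4",
        "gitlab-b.example": "13.12.2-ee",
        "gitlab-c.example": "unknown",
    }
    for host, version in inventory.items():
        try:
            affected, fixed_in = check_version(version)
        except ValueError as err:
            print(f"{host}: cannot assess ({err})")
            continue
        status = f"AFFECTED, upgrade to {fixed_in} or later" if affected else "not in an affected range"
        print(f"{host}: {version} {status}")
```

A version string that cannot be parsed is reported separately rather than treated as unaffected, so unknown hosts still get a manual look.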
When this vulnerability is exploited, it can lead to malicious actors gaining unauthorized access to sensitive data stored on the GitLab instance. This includes confidential source code, customer information, and other sensitive business data that could be used for cyber espionage, corporate espionage, or ransomware attacks.
Thanks to the pro features of the s4e.io platform, those who are concerned about the security of their digital assets can easily and quickly learn about vulnerabilities and receive real-time alerts to mitigate risks in a timely manner. By staying informed and taking proactive measures, businesses can better protect their digital assets and reduce the risk of cyber attacks.