CVE-2021-22205
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
Severity Score: 10.0 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 25 (Multiple Sources)
Exploited in Wild: Yes (KEV)
Decision (SSVC): -
Descriptions
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
GitLab Community and Enterprise Editions that allow image uploads through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes uploaded image files to ExifTool, which does not properly validate them.
Credits: Thanks to vakzz for reporting this vulnerability through our HackerOne bug bounty program.
Timeline
- 2021-01-05 CVE Reserved
- 2021-04-23 CVE Published
- 2021-10-28 First Exploit
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-10-31 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (27)
URL | Tag / Date | Source
---|---|---
https://gitlab.com/gitlab-org/gitlab/-/issues/327121 | Broken Link |
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json | 2022-07-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Edition | Status
---|---|---|---|---
Gitlab | Gitlab | >= 11.9.0 < 13.8.8 | community | Affected
Gitlab | Gitlab | >= 11.9.0 < 13.8.8 | enterprise | Affected
Gitlab | Gitlab | >= 13.9.0 < 13.9.6 | community | Affected
Gitlab | Gitlab | >= 13.9.0 < 13.9.6 | enterprise | Affected
Gitlab | Gitlab | >= 13.10.0 < 13.10.3 | community | Affected
Gitlab | Gitlab | >= 13.10.0 < 13.10.3 | enterprise | Affected