VDB
CVE-2021-22214
CVE-2021-22214
PUBLISHED
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited
EPSS 93.66% · 99.9th percentile
Risk Scores
EPSS Score
93.66%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 10.5.0, 13.11.0, 13.12.0 |
| Bitnami | gitlab | 13.11.0, 13.12.0, 10.5.0 |
Exploit Intelligence
- Gitlab SSRF (github-poc-repo)
- Gitlab SSRF (github-poc-repo)
- Gitlab SSRF (github-poc-repo)
- Gitlab SSRF (github-poc-repo)
- Gitlab SSRF (github-poc-repo)
- Gitlab SSRF (github-poc-repo)
- Gitlab SSRF (github-poc-repo)
- Gitlab CI Lint API未授权 SSRF漏洞 CVE-2021-22214 (github-poc)
- Gitlab CI Lint API未授权 SSRF漏洞 CVE-2021-22214 (github-poc)
- Gitlab CI Lint API未授权 SSRF漏洞 CVE-2021-22214 (github-poc)
…and 55 more exploits
Timeline
- Jun 8, 2021 CVE Published
- Jun 9, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 13, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Apr 25, 2023 EPSS Score
- Apr 27, 2023 PoC Published
- May 8, 2023 EPSS Score
- Jun 22, 2023 EPSS Score
- Aug 2, 2023 EPSS Score