Server-Side Request Forgery Vulnerability in GitLab Allows Unauthenticated Attackers to Exploit Webhook Requests

Server-Side Request Forgery Vulnerability in GitLab Allows Unauthenticated Attackers to Exploit Webhook Requests

CVE-2021-22175 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

Learn more about our Web App Pen Testing.