Unauthenticated Server-Side Request Forgery Vulnerability in GitLab CE/EE (Versions 10.5 and above) with Enabled Internal Network Webhooks

Unauthenticated Server-Side Request Forgery Vulnerability in GitLab CE/EE (Versions 10.5 and above) with Enabled Internal Network Webhooks

CVE-2021-22214 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited

Learn more about our Web App Pen Testing.