CVE-2021-22175 – GitLab Server-Side Request Forgery

“A single webhook request could turn GitLab into a gateway into the internal network. This vulnerability allows unauthenticated attackers to force the server to make internal requests, exposing sensitive systems and services that should never be reachable.”

GitLab released a security patch addressing a Server-Side Request Forgery (SSRF) vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). The issue occurs when requests to the internal network for webhooks are enabled, allowing an attacker to trigger the GitLab server to send requests to internal services. An unauthenticated attacker could exploit this weakness even if user registration is disabled, potentially exposing internal infrastructure or sensitive data.

The vulnerability is tracked as CVE-2021-22175 and carries a CVSS v3.1 score of 6.8 (Medium) from GitLab’s CNA record. The NVD analysis assigns a CVSS v3.1 score of 9.8 (Critical) due to the potential for remote exploitation without authentication and the high impact on confidentiality, integrity, and availability.

Successful exploitation could allow attackers to probe internal network resources, access internal HTTP services, and retrieve sensitive responses from systems not exposed to the internet. Public proof-of-concept exploit code has been reported for this vulnerability. The issue affects GitLab versions starting from 10.5 and was addressed in patched releases 13.6.7, 13.7.7, and 13.8.4.
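The control that closes off this class of bug is an allow-check on the destination of every outbound webhook before the server connects. The Ruby snippet below is an added example, not GitLab's own code: it resolves the webhook host and refuses the request when any resolved address falls in a loopback, private, link-local or similar internal range. The resolver is injectable (an assumption made so the check can run without network access); the address validated here should be the one the client actually connects to, and the check repeated on each redirect.

```ruby
# Added example, not GitLab's code: reject webhook destinations that resolve
# into the internal network, the request class CVE-2021-22175 let attackers
# trigger. The resolver is injectable so the check runs without network access.
require 'uri'
require 'ipaddr'
require 'resolv'

# Ranges a webhook must never reach: "this network", RFC 1918 private,
# carrier-grade NAT, loopback, link-local (covers the cloud metadata address
# 169.254.169.254), and the IPv6 unspecified, loopback, ULA and link-local blocks.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }

def blocked_address?(ip)
  addr = IPAddr.new(ip.to_s)
  # IPv4-mapped IPv6 (::ffff:10.0.0.1) is checked as the IPv4 address it wraps.
  addr = addr.native if addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
rescue IPAddr::InvalidAddressError
  true # unparsable address: fail closed
end

def ip_literal?(host)
  IPAddr.new(host)
  true
rescue IPAddr::InvalidAddressError
  false
end

# True only when every address the webhook host resolves to is external.
# `resolver` maps a hostname to an array of address strings; the default uses
# system DNS. Connect to the address validated here (not a second lookup) and
# re-run the check on every redirect, or the check can be raced.
def webhook_url_allowed?(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  return false unless %w[http https].include?(uri.scheme) && uri.hostname
  host = uri.hostname
  addrs = ip_literal?(host) ? [host] : resolver.call(host)
  return false if addrs.empty? # unresolvable name: fail closed
  addrs.none? { |a| blocked_address?(a) }
rescue URI::InvalidURIError
  false
end
```

A name that resolves to both a public and an internal address is refused outright, since a single internal record is enough for the server to be steered inside.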
