GitLab 10.5.x < 13.10.5 / 13.11.x < 13.11.5 / 13.12.x < 13.12.2 Server-Side Request Forgery

high Web App Scanning Plugin ID 113091

Language:

Synopsis

GitLab 10.5.x < 13.10.5 / 13.11.x < 13.11.5 / 13.12.x < 13.12.2 Server-Side Request Forgery

Description

GitLab CE/EE versions starting from 10.5 before 13.10.5, 13.11 before 13.11.5 and 13.12 before 13.12.2 suffer from a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled. An unauthenticated attacker could leverage this issue to make the target server perform blind network requests to arbitrary hosts.

Solution

Upgrade to GitLab version 13.10.5 / 13.11.5 / 13.12.2 or later.

See Also

https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/

Plugin Details

Severity: High

ID: 113091

Type: remote

Family: Component Vulnerability

Published: 4/21/2022

Updated: 4/21/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-22214

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS Score Source: CVE-2021-22214

Vulnerability Information

CPE: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2021-22214

CWE: 918

OWASP: 2010-A6, 2013-A5, 2013-A9, 2017-A6, 2017-A9, 2021-A10, 2021-A6

WASC: Application Misconfiguration

DISA STIG: APSC-DV-002560, APSC-DV-002630

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.14.2.5

NIST: sp800_53-CM-6b

OWASP API: 2019-API7, 2023-API7, 2023-API8

OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.2.6

PCI-DSS: 3.2-6.2, 3.2-6.5.9