BDU:2021-05738

Scores

EPSS Score

0.0000

CVSS

3.x 10.0

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0

0.0

CVSS 3.x

10.0

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0

6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Description

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab связана с недостаточной проверкой входных данных при синтаксическом анализе файлов изображений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольные команды

Sources

bdu

Related Vulnerabilities

CVE-2021-22205

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22205

http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html

http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json

https://gitlab.com/gitlab-org/gitlab/-/issues/327121

https://hackerone.com/reports/1154542

https://nvd.nist.gov/vuln/detail/CVE-2021-22205

https://github.com/RedTeamWing/CVE-2021-22205

https://github.com/Al1ex/CVE-2021-22205

https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

Vulnerable Software

Type: Configuration

Vendor: gitlab inc.

Product: gitlab

Operating System: * *

Trait:

{
  "version_end_excluding": "13.8.8",
  "version_start_including": "11.9.0"
}

Source: bdu

Type: Configuration

Vendor: gitlab inc.

Product: gitlab

Operating System: * *

Trait:

{
  "version_end_excluding": "13.9.6",
  "version_start_including": "13.9.0"
}

Source: bdu

Type: Configuration

Vendor: gitlab inc.

Product: gitlab

Operating System: * *

Trait:

{
  "version_end_excluding": "13.10.3",
  "version_start_including": "13.10.0"
}

Source: bdu