CVE-2021-22205
Scores
EPSS Score
0.9448
CVSS
3.x 10.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
All CVSS Scores
CVSS 4.0
0.0CVSS 3.x
10.0Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0
7.5Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Description
Обнаружена проблема в GitLab CE/EE, затрагивающая все версии, начиная с 11.9. GitLab неправильно проверял файлы изображений, которые передавались в анализатор файлов, что приводило к удаленному выполнению команд.
Sources
debiannvdubuntu
CWEs
CWE-94
Related Vulnerabilities
Exploits
Exploit ID: CVE-2021-22205
Source: cisa
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Reference Links
Vulnerable Software
Type: Configuration
Product: gitlab
Operating System: ubuntu xenial 16.04
Trait:
{
"unfixed": true
}Source: ubuntu
Type: Configuration
Product: gitlab
Operating System: debian
Trait:
{
"fixed": "15.10.8+ds1-2"
}Source: debian
Type: Configuration
Vendor: gitlab
Product: gitlab
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionEndExcluding": "13.8.8",
"versionStartIncluding": "11.9.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "13.8.8",
"versionStartIncluding": "11.9.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionEndExcluding": "13.9.6",
"versionStartIncluding": "13.9.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "13.9.6",
"versionStartIncluding": "13.9.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionEndExcluding": "13.10.3",
"versionStartIncluding": "13.10.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "13.10.3",
"versionStartIncluding": "13.10.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd