Giters

M0r41 / CVE-2021-22205

Gitlab CE/EE RCE 未授权远程代码执行漏洞 POC && EXP CVE-2021-22205

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2021-22205

Description

  • POC for CVE-2021-22205: Gitlab CE/EE RCE 未授权远程代码执行漏洞 POC && EXP
  • create by antx at 2021-10-29.

Detail

  • An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: CHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 10
  • baseSeverity: CRITICAL

Affect

  • Gitlab CE/EE < 13.10.3
  • Gitlab CE/EE < 13.9.6
  • Gitlab CE/EE < 13.8.8

POC

Reference

About

Gitlab CE/EE RCE 未授权远程代码执行漏洞 POC && EXP CVE-2021-22205

License:MIT License

Languages

Language:Python 100.0%