
GitLab CE/EE RCE: unauthenticated remote code execution vulnerability, POC && EXP, CVE-2021-22205


ZZ-SOCMAP/CVE-2021-22205


CVE-2021-22205


Description

  • POC for CVE-2021-22205: GitLab CE/EE unauthenticated remote code execution (RCE) vulnerability, POC && EXP
  • Created by antx on 2021-10-29.

Detail

  • An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: CHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 10
  • baseSeverity: CRITICAL

Affected versions

  • GitLab CE/EE < 13.10.3
  • GitLab CE/EE < 13.9.6
  • GitLab CE/EE < 13.8.8
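
For patch triage, the version bounds above can be turned into an inventory check. The following is an added example, not code from this repository. It assumes the three bounds are per-branch fixed releases (13.10.x, 13.9.x, 13.8.x) and that everything from 11.9 up to the 13.8 branch is affected. The host names and versions in `INVENTORY` are constructed.

```python
import re

# Fixed patch level per minor branch, from the version list on this page.
# Treating the bounds as per-branch is an assumption of this example.
FIXED = {(13, 10): 3, (13, 9): 6, (13, 8): 8}
FIRST_AFFECTED = (11, 9)        # "all versions starting from 11.9"
OLDEST_FIXED_BRANCH = (13, 8)   # lowest branch with a listed fixed release


def parse_version(text):
    """Parse strings such as '13.9.5', 'v13.10.2-ee' or '13.8.7-ce.0'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(text):
    """Return True if the version falls in a range the page lists as affected."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return False              # older than 11.9
    if branch < OLDEST_FIXED_BRANCH:
        return True               # 11.9 through 13.7.x: always below 13.8.8
    if branch in FIXED:
        return patch < FIXED[branch]
    return False                  # branch newer than any on the page's list


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "gitlab-dev.example.internal": "13.10.2-ee",
    "gitlab-prod.example.internal": "13.10.3-ee",
    "gitlab-legacy.example.internal": "12.4.1",
    "gitlab-lab.example.internal": "v13.9.6-ce.0",
}


def triage(inventory):
    """Return the sorted list of hosts that still need the upgrade."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"UPGRADE REQUIRED: {host} ({INVENTORY[host]})")
```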

POC


Reference
