Vulnerability Details : CVE-2021-22205
Public exploit exists!
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Products affected by CVE-2021-22205
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
CVE-2021-22205 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
GitLab Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2021-22205
Added on
2021-11-03
Action due date
2021-11-17
Exploit prediction scoring system (EPSS) score for CVE-2021-22205
EPSS score: 97.37% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities scored at or below this one)
Metasploit modules for CVE-2021-22205
- GitLab Unauthenticated Remote ExifTool Command Injection
  Disclosure Date: 2021-04-14
  First seen: 2022-12-23
  Module: exploit/multi/http/gitlab_exif_rce
  This module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution
CVSS scores for CVE-2021-22205
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | GitLab Inc. | |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | NIST | |
CWE ids for CVE-2021-22205
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-22205
- http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
  GitLab 13.10.2 Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://gitlab.com/gitlab-org/gitlab/-/issues/327121
  Not Found (Broken Link)
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
  2021/CVE-2021-22205.json · master · GitLab.org / cves · GitLab (Vendor Advisory)
- https://hackerone.com/reports/1154542
  Sign in (Permissions Required; Third Party Advisory)
- http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
  GitLab Unauthenticated Remote ExifTool Command Injection ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)