Lucene search

Veracode Vulnerability DatabaseVERACODE:42302

HistoryAug 06, 2023 - 2:35 p.m.

Server-Side Request Forgery (SSRF)

2023-08-0614:35:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.093 Low

EPSS

Percentile

94.7%

JSON

gitlab is vulnerable to Server-Side Request Forgery (SSRF) . This vulnerability occurs due to a flaw in the way that GitLab handles requests to the internal network for webhooks. An attacker can exploit this vulnerability to make HTTP requests to arbitrary domains of the attacker’s choosing.

CPENameOperatorVersion
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2

Name	Operator	Version
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22214.json

gitlab.com/gitlab-org/gitlab/-/issues/322926

hackerone.com/reports/1110131

security-tracker.debian.org/tracker/CVE-2021-22214

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.093 Low

EPSS

Percentile

94.7%

JSON

Related for VERACODE:42302