漏洞描述
GitLab是由GitLabInc.开发,使用MIT许可证的基于网络的Git仓库管理工具,具有issue跟踪功能。它使用Git作为代码管理工具,并在此基础上搭建起来的web服务。当启用对内部网络的webhooks 请求时,GitLab CE/EE 中的服务器端请求伪造漏洞影响从 10.5 开始的所有版本,即使在注册受限的 GitLab实例上也可能被未经身份验证的攻击者利用。
Gitlab CI lint API 前台SSRF(CVE-2021-22214)
PoC代码
暂无相关漏洞推荐
- gitlab-api-user-enum: GitLab - User Information Disclosure Via Open API
- POC CVE-2024-45409: GitLab - SAML Authentication Bypass
- POC CVE-2025-25291: GitLab - SAML Authentication Bypass
- POC CVE-2019-6793: GitLab Enterprise Edition - Server-Side Request Forgery
- POC CVE-2020-2096: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
- POC CVE-2020-26413: Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
- POC CVE-2021-22205: GitLab CE/EE - Remote Code Execution
- POC CVE-2021-22214: Gitlab CE/EE 10.5 - Server-Side Request Forgery
- POC CVE-2021-4191: GitLab GraphQL API User Enumeration
- POC CVE-2022-0735: GitLab CE/EE - Information Disclosure
- POC CVE-2022-1162: GitLab CE/EE - Hard-Coded Credentials
- POC CVE-2022-2185: GitLab CE/EE - Remote Code Execution
- POC CVE-2023-2825: GitLab 16.0.0 - Path Traversal