CVE-2021-22214 - log back

CVE-2021-22214 edited at 08 Jun 2021 17:00:16
Description
- When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
+ When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 before 13.12.2 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/322926
https://hackerone.com/reports/1110131
CVE-2021-22214 edited at 08 Jun 2021 16:55:44
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
References
+ https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
+ https://gitlab.com/gitlab-org/gitlab/-/issues/322926
+ https://hackerone.com/reports/1110131
CVE-2021-22214 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes