CVE-2021-22175.md

CVE-2021-22175

Description

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

POC

Reference

• https://gitlab.com/gitlab-org/gitlab/-/issues/294178

Github

• https://github.com/vin01/CVEs