CVE-2021-22175 - Server-Side Request Forgery in GitLab Webhooks

[princechaddha]

Is there an existing template for this?

• I have searched the existing templates.

Template requests

Template Request

Title: CVE-2021-22175 - Server-Side Request Forgery in GitLab Webhooks

Description:
GitLab versions starting from 10.5 contain a server-side request forgery (SSRF) vulnerability that could be exploited by an unauthenticated attacker to send requests to the internal network. This vulnerability occurs in the webhook functionality of GitLab, even on instances where user registration is disabled, allowing potential unauthorized access to internal services.

Severity:
Critical (CVSS: 9.8, Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H])

EPSS:

• Score: 0.00845
• Percentile: 0.82644

PoCs:

• No PoCs available

References:

• GitLab CVE Details
• GitLab Issue Tracker
• HackerOne Report
• Vendor Advisory

Patch URLs:

• No patch URLs available

Nuclei Templates:

• No Nuclei templates available

Weaknesses:

• CWE-918: Server-Side Request Forgery (SSRF)

Shodan:

• Count: 107466
• Title: “GitLab”
• CPE: “cpe:2.3:a:gitlab:gitlab”

Vulnerable CPE:

• cpe:2.3:a:gitlab:gitlab:::::community:::*
• cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

OSS:

• No OSS information available

Anything else?

No response

[princechaddha]

/bounty $100

[algora-pbc]

💎 $100 bounty • ProjectDiscovery Bounty Available for CVE Template Contribution

Steps to Contribute:

• Claim attempt: Comment /attempt #11182 on this issue to claim attempt.
• Write the Template: Create a high-quality Nuclei template for the specified CVE, following our Contribution Guidelines and Acceptance Criteria.
• Submit the Template: Open a pull request (PR) to projectdiscovery/nuclei-templates and include /claim #11182 in the PR body to claim the bounty.
• Receive Payment: Upon successful merge of your PR, you will receive 100% of the bounty through Algora.io within 2-5 days. Ensure you are eligible for payouts.

Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!

Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(-debug) along with the template to help the triage team with validation. Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.

Add a bounty • Share on socials

Attempt	Started (GMT+0)	Solution
🔴 @CodeStuffBreakThings	Nov 11, 2024, 5:32:05 PM	WIP

[CodeStuffBreakThings]

/attempt #11182

Options

• Cancel my attempt

[ehsandeep]

is it duplicate of CVE-2021-22214?

[CodeStuffBreakThings]

Ahh, yeah it looks it

[CodeStuffBreakThings]

@princechaddha I understand if the bounty is removed as it turns out a detection template already exists at http/cves/2021/CVE-2021-22214.yaml that also applies to CVE-2021-22175

[princechaddha]

@CodeStuffBreakThings, I will go ahead and close this issue since the CVE was added after I validated using cvemap to check if the CVE has a template. Good luck with the other open issue up for reward. Thanks.

[algora-pbc]

The bounty is up for grabs! Everyone is welcome to /attempt #11182 🙌