Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create CVE-2021-22175.yaml #11192

Closed
wants to merge 4 commits into from
Closed

Create CVE-2021-22175.yaml #11192

wants to merge 4 commits into from

Conversation

CodeStuffBreakThings
Copy link

Template / PR Information

/claim #11182

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

This vulnerability is exploitable when the impacted GitLab versions have the Allow requests to the local network from webhooks and integrations setting enabled.

In this detection template, the vulnerable GitLab instance sends an HTTP request to the GitLab Node Exporter which is bound to 127.0.0.1:9100 by default

Additional References:

@algora-pbc algora-pbc bot mentioned this pull request Nov 11, 2024
Closed
1 task
@algora-pbc Algora PBC
Copy link

algora-pbc bot commented Nov 11, 2024

👉 To complete your submission, sign up on Algora, link your Github account and submit the data for your PR.

@CodeStuffBreakThings
Copy link
Author

I set up an instance of GitLab CE 13.8.3 with the "Allow requests to the local network from webhooks and integrations" setting enabled and was able to use the detection template to successfully exploit the SSRF vulnerability. Let me know if I need to provide any screenshots or packet captures, or if any other information is needed from me.
Thank you!

@DhiyaneshGeek DhiyaneshGeek self-assigned this Nov 12, 2024
@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Nov 12, 2024
@DhiyaneshGeek DhiyaneshGeek added good first issue Good for newcomers duplicate This issue or pull request already exists and removed good first issue Good for newcomers Done Ready to merge labels Nov 12, 2024
@DhiyaneshGeek
Copy link
Member

DhiyaneshGeek commented Nov 12, 2024
edited
Loading

Closing this since it was a duplicate of http/cves/2021/CVE-2021-22214.yaml, the bounty claim was raised by mistake sorry about this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ritikchaddha ritikchaddha Awaiting requested review from ritikchaddha

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
🙋 Bounty claim duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@CodeStuffBreakThings @DhiyaneshGeek