Vulnerabilities > CVE-2021-22178 - Server-Side Request Forgery (SSRF) vulnerability in Gitlab

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gitlab
CWE-918
NVD
Published: 2021-03-24
Updated: 2021-03-26

Summary

An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.

Vulnerable Configurations

Part Description Count
Application
Gitlab
99

Common Weakness Enumeration (CWE)

References