CVE-2021-22205
In short
GitLab handed uploaded image files to a metadata parser (ExifTool) without checking that the bytes were really an image, so a crafted file could make the parser run arbitrary commands on the server. The flaw is critical because it needs no account on the instance and gives the attacker control of the GitLab server with the privileges of the GitLab service.
Technical detail
GitLab CE/EE from 11.9 onward passed user-uploaded images to ExifTool (used to strip metadata) without validating that the content matched the claimed image type. ExifTool identifies formats by content rather than by extension, so a DjVu file renamed to an image extension such as .jpg reached ExifTool's DjVu metadata parser, which at the time could be made to execute code embedded in the file (ExifTool's own CVE-2021-22204, fixed in ExifTool 12.24). The result is unauthenticated remote command execution with the privileges of the GitLab process that invokes the parser. GitLab fixed the issue in 13.10.3, 13.9.6 and 13.8.8.
The two summaries above were generated and translated by AI from the official description below.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
CVSS v3.1 base score 10.0 (Critical): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
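The validation gap described above, as an added example (editor's code, not GitLab's or ExifTool's): an extension-only check of the kind that lets a renamed file through, beside a magic-byte check that rejects a DjVu container before any metadata parser sees it. The allow-list, the file names and the two sample blobs are constructed for this example; the sample DjVu is only a container header with an empty form, not an exploit file.

```python
"""Content validation for image uploads: extension-only check (weak) beside a
magic-byte check (hardened). Added example, not GitLab's or ExifTool's code."""
from typing import Dict, Tuple

# Leading bytes of the image formats this hypothetical upload endpoint accepts.
# The allow-list is an assumption for the example; the magic values are standard.
IMAGE_MAGIC: Dict[str, Tuple[bytes, ...]] = {
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "gif":  (b"GIF87a", b"GIF89a"),
    "tif":  (b"II*\x00", b"MM\x00*"),
    "tiff": (b"II*\x00", b"MM\x00*"),
}

# A DjVu file starts with an IFF-style header: 'AT&T' followed by a 'FORM' chunk.
DJVU_MAGIC = b"AT&TFORM"


def _extension(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def extension_only_check(filename: str) -> bool:
    """The weak pattern: trust the file name, hand the bytes to the parser.
    A DjVu file renamed to .jpg passes this check."""
    return _extension(filename) in IMAGE_MAGIC


def content_check(filename: str, data: bytes) -> Tuple[bool, str]:
    """Hardened pattern: the extension must be allowed AND the leading bytes must
    match that extension's magic. Anything else is rejected before a metadata
    parser (which sniffs content itself) ever runs on the file."""
    ext = _extension(filename)
    if ext not in IMAGE_MAGIC:
        return False, f"extension {ext!r} not allowed"
    if data.startswith(DJVU_MAGIC):
        return False, "DjVu container disguised as image"
    if not any(data.startswith(magic) for magic in IMAGE_MAGIC[ext]):
        return False, f"content does not match {ext} magic"
    return True, ext


def build_djvu_sample() -> bytes:
    """Constructed DjVu-shaped blob: container header plus an empty DJVU form.
    It carries no metadata chunk and no payload; it only shows that the bytes,
    not the name, identify the format."""
    body = b"DJVU"
    return DJVU_MAGIC + len(body).to_bytes(4, "big") + body


# Constructed JPEG start: SOI marker followed by the beginning of an APP0/JFIF segment.
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 8
DJVU_SAMPLE = build_djvu_sample()


def compare_checks(filename: str, data: bytes) -> Dict[str, object]:
    """Run both checks on the same upload so the difference is visible."""
    accepted, reason = content_check(filename, data)
    return {
        "extension_only_accepts": extension_only_check(filename),
        "content_check_accepts": accepted,
        "reason": reason,
    }


if __name__ == "__main__":
    for name, blob in (("avatar.jpg", JPEG_SAMPLE),
                       ("avatar.jpg", DJVU_SAMPLE),
                       ("scan.djvu", DJVU_SAMPLE)):
        print(name, compare_checks(name, blob))
```

The point of the second case: the renamed DjVu blob passes the extension check and fails the content check. Because ExifTool chooses its parser from the bytes, not the name, an extension check alone decides nothing about which parser will run; only a content check made before the hand-off does.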
Affected products
GitLab · GitLab (CE and EE)
Public PoCs found: 28
github.com/Al1ex/CVE-2021-22205 (★ 284)
github.com/inspiringz/CVE-2021-22205 (★ 238)
github.com/mr-r3bot/Gitlab-CVE-2021-22205 (★ 181)
github.com/XTeam-Wing/CVE-2021-22205 (★ 86)
github.com/r0eXpeR/CVE-2021-22205 (★ 69)
github.com/whwlsfb/CVE-2021-22205 (★ 23)
github.com/c0okB/CVE-2021-22205 (★ 13)
github.com/keven1z/CVE-2021-22205 (★ 12)
github.com/ZZ-SOCMAP/CVE-2021-22205 (★ 7)
github.com/faisalfs10x/GitLab-CVE-2021-22205-scanner (★ 6)
github.com/runsel/GitLab-CVE-2021-22205- (★ 3)
github.com/shang159/CVE-2021-22205-getshell (★ 3)
github.com/pizza-power/Golang-CVE-2021-22205-POC (★ 3)
github.com/findneo/GitLab-preauth-RCE_CVE-2021-22205 (★ 2)
github.com/DIVD-NL/GitLab-cve-2021-22205-nse (★ 1)
github.com/NukingDragons/gitlab-cve-2021-22205 (★ 1)
github.com/w0x68y/Gitlab-CVE-2021-22205 (★ 1)
github.com/hh-hunter/cve-2021-22205 (★ 0)
github.com/ccordeiro/CVE-2021-22205 (★ 0)
github.com/devdanqtuan/CVE-2021-22205 (★ 0)
github.com/cc3305/CVE-2021-22205 (★ 0)
github.com/hhhotdrink/CVE-2021-22205 (★ 0)
github.com/sei-fish/CVE-2021-22205 (★ 0)
github.com/overgrowncarrot1/DejaVu-CVE-2021-22205 (★ 0)
github.com/Hikikan/CVE-2021-22205 (★ 0)
www.exploit-db.com/exploits/50532 (unverified)
packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html (unverified, CVE reference)
packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html (unverified, CVE reference)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
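Before reaching for any of the PoCs above, the first exposure question is whether an instance is still on an affected release. The following is an added example (editor's code, not from any project listed here) that classifies GitLab version strings against the fixed releases. The fixed versions 13.10.3, 13.9.6 and 13.8.8 come from GitLab's April 2021 security release and are not stated on this page; the host inventory is constructed.

```python
"""Exposure check for CVE-2021-22205 by GitLab version string.
Added example; fixed versions are from GitLab's 2021-04-14 security release."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

FIRST_AFFECTED: Version = (11, 9, 0)   # per the official description
# Branch-specific backported fixes; every release from 13.10.3 on (13.11, 14.x, ...) is fixed.
FIXED_ON_BRANCH: Dict[Tuple[int, int], Version] = {
    (13, 10): (13, 10, 3),
    (13, 9): (13, 9, 6),
    (13, 8): (13, 8, 8),
}
NEWEST_FIX: Version = (13, 10, 3)


def parse_version(text: str) -> Optional[Version]:
    """Accept '13.10.2', 'v13.10.2', '13.10.2-ee' and '13.10' (patch defaults to 0)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(text: str) -> Optional[bool]:
    """True if the version is in the affected range, False if fixed or older
    than 11.9, None if the string cannot be parsed at all."""
    v = parse_version(text)
    if v is None:
        return None
    if v < FIRST_AFFECTED or v >= NEWEST_FIX:
        return False
    branch_fix = FIXED_ON_BRANCH.get(v[:2])
    if branch_fix is not None:
        return v < branch_fix   # 13.8.x / 13.9.x / 13.10.x received backported fixes
    return True                 # 11.9 through 13.7.x never received a fix


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "git-a.example.internal": "13.10.2-ee",
    "git-b.example.internal": "13.10.3-ee",
    "git-c.example.internal": "12.10.14",
    "git-d.example.internal": "13.8.8",
    "git-e.example.internal": "unknown",
}


def triage(inventory: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split an inventory into (exposed hosts, hosts whose version is unparsable).
    Fixed hosts are dropped; unparsable ones are kept so they are checked by hand."""
    exposed: List[str] = []
    undetermined: List[str] = []
    for host, version in sorted(inventory.items()):
        verdict = is_vulnerable(version)
        if verdict is None:
            undetermined.append(host)
        elif verdict:
            exposed.append(host)
    return exposed, undetermined


if __name__ == "__main__":
    exposed, undetermined = triage(INVENTORY)
    print("exposed:", exposed)
    print("version unknown, check manually:", undetermined)
```

Version strings for the inventory can be read from GET /api/v4/version with an authenticated token on each instance; an unparsable entry goes to the undetermined list rather than being silently treated as safe. Note that 13.7 and earlier never got a backport, so an instance parked on such a branch is exposed regardless of its patch level.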
References
http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
https://gitlab.com/gitlab-org/gitlab/-/issues/327121
https://hackerone.com/reports/1154542
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22205