CVE-2021-22205 GitLab CE/EE RCE

Vuln Impact

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Vuln Product

  • GitLab CE/EE < 13.10.3
  • GitLab CE/EE < 13.9.6
  • GitLab CE/EE < 13.8.8
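The affected ranges above are per release branch, so a plain "version < 13.10.3" comparison misclassifies 13.9.x and 13.8.x instances. The following triage helper, added here as an example and not part of the original advisory, encodes the three fixed versions from the list and the "all versions starting from 11.9" statement. It assumes that branches between 11.9 and 13.7 never received a backport (GitLab only patched the three branches listed) and that 13.11 and later ship the fix; the hostnames and versions in the inventory are constructed sample data.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# From the advisory: the issue affects all versions starting from 11.9.
FIRST_AFFECTED: Version = (11, 9, 0)

# First patched release on each branch named in the advisory.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (13, 10): (13, 10, 3),
    (13, 9): (13, 9, 6),
    (13, 8): (13, 8, 8),
}

# Assumption: anything on a branch newer than 13.10 already contains the fix.
NEWEST_PATCHED_BRANCH = (13, 10)


def parse_version(text: str) -> Version:
    """Parse strings such as '13.10.2', 'v13.9.0' or '13.8.7-ee' into a tuple."""
    core = text.strip().lstrip("v").split("-")[0]   # drop edition suffix (-ee/-ce)
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """Return True if this GitLab version falls inside the advisory's affected ranges."""
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return False                      # predates the vulnerable file parser path
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]   # compare against the branch's fix
    if branch > NEWEST_PATCHED_BRANCH:
        return False                      # assumption: later branches include the fix
    return True                           # 11.9 .. 13.7: no patched release exists


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts whose reported version needs upgrading, sorted by name."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "git-prod.example.test": "13.10.2-ee",   # on the 13.10 branch, below the fix
    "git-stage.example.test": "13.9.6",      # exactly the fixed 13.9 release
    "git-legacy.example.test": "13.7.9",     # unpatched branch, still vulnerable
    "git-old.example.test": "11.8.10",       # predates the affected range
    "git-new.example.test": "13.11.0",       # newer branch, assumed fixed
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected, upgrade required")
```

Feed it the `version` field from each instance's `/api/v4/version` response (or the value shown on the admin page) and it yields the hosts that still need the branch-appropriate patch release.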

Environment

export GITLAB_HOME=/srv/gitlab

# The command is truncated in the source after the first --volume flag.
sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab
