CVE-2021-22205 GitLab CE/EE RCE
Vuln Impact
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in remote command execution. The parser in question is ExifTool, which GitLab runs over uploaded images to strip metadata. ExifTool identifies formats by content rather than by extension, and its DjVu handling (CVE-2021-22204) evaluated attacker-controlled data; an upload that is really a DjVu file with an image extension therefore reaches the DjVu parser and executes commands on the GitLab host. The issue was first reported as requiring an authenticated user, but the upload endpoint can be reached without credentials, so it is exploitable unauthenticated.
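As an added illustration of the validation that was missing (example code written for this page, not GitLab's fix and not ExifTool code): a content check that refuses to hand an upload to a metadata parser unless its leading bytes match the type its extension declares, and that rejects DjVu containers outright. The allow-list of image types, the helper names and the sample files are this example's assumptions; the byte signatures are the public headers of the respective formats.

```python
import struct

# Magic bytes of the image types this example chooses to accept.
# The allow-list is an assumption of this example, not GitLab's upload policy.
IMAGE_SIGNATURES = {
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# DjVu files are IFF-style containers: "AT&TFORM", a 4-byte big-endian
# length, then a form type such as DJVU or DJVM.
DJVU_CONTAINER = b"AT&TFORM"
DJVU_FORM_TYPES = (b"DJVU", b"DJVM", b"DJVI", b"THUM")


def is_djvu(data: bytes) -> bool:
    """True if the bytes are a DjVu container, whatever the file is named."""
    if len(data) < 16 or not data.startswith(DJVU_CONTAINER):
        return False
    return data[12:16] in DJVU_FORM_TYPES


def matches_declared_type(filename: str, data: bytes) -> bool:
    """True only if the extension is allow-listed and the content agrees with it."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    signatures = IMAGE_SIGNATURES.get(ext)
    if signatures is None:
        return False
    return any(data.startswith(sig) for sig in signatures)


def safe_to_parse(filename: str, data: bytes) -> bool:
    """Gate an upload before it is passed to a content-sniffing parser such as ExifTool."""
    return matches_declared_type(filename, data) and not is_djvu(data)


# Constructed sample inputs: a minimal JPEG/PNG header and a DjVu container
# that has been given a .jpg name, the shape of the CVE-2021-22205 payload.
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 32
DJVU_SAMPLE = DJVU_CONTAINER + struct.pack(">I", 40) + b"DJVU" + b"INFO" + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in (("avatar.jpg", JPEG_SAMPLE),
                       ("logo.png", PNG_SAMPLE),
                       ("avatar.jpg", DJVU_SAMPLE)):
        verdict = "parse" if safe_to_parse(name, blob) else "reject"
        print(f"{name}: {verdict} (djvu={is_djvu(blob)})")
```

The check is defense in depth for any service that shells out to a content-sniffing parser; the actual remediation for this CVE is upgrading to a fixed GitLab release.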
Vuln Product
- GitLab CE/EE >= 11.9 and < 13.8.8
- GitLab CE/EE 13.9.x < 13.9.6
- GitLab CE/EE 13.10.x < 13.10.3
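To turn the affected-version list into something a scanner can apply, the added example below (written for this page, not a GitLab tool) compares a GitLab version string against the three fixed releases. It generalizes the list slightly: any 13.x branch older than 13.8 is treated as affected because no fix was published for it, and anything newer than 13.10 is treated as fixed. The function and constant names are this example's own.

```python
import re

# Advisory facts: affected from 11.9; fixed in 13.8.8, 13.9.6 and 13.10.3.
FIRST_AFFECTED = (11, 9, 0)
FIXED_RELEASES = {
    (13, 8): (13, 8, 8),
    (13, 9): (13, 9, 6),
    (13, 10): (13, 10, 3),
}
# Branches after 13.10 were released with the fix already included.
LAST_AFFECTED_BRANCH = (13, 10)


def parse_version(version: str) -> tuple:
    """Parse strings such as '13.10.2', 'v13.9.0' or '13.10.2-ee' into a 3-tuple."""
    match = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        raise ValueError(f"unrecognized GitLab version: {version!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version: str) -> bool:
    """True if the release falls inside one of the CVE-2021-22205 ranges."""
    ver = parse_version(version)
    if ver < FIRST_AFFECTED:
        return False
    branch = ver[:2]
    if branch in FIXED_RELEASES:
        return ver < FIXED_RELEASES[branch]
    # Unpatched older branches are affected; newer branches ship fixed.
    return branch < LAST_AFFECTED_BRANCH


if __name__ == "__main__":
    for v in ("11.8.9", "11.9.0", "13.7.9", "13.8.7", "13.8.8",
              "13.10.2-ee", "13.10.3", "14.0.0"):
        print(f"{v:>12}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
```

Feed it the value of the `version` field from `/api/v4/version` (authenticated) or the version banner of an instance you are authorized to test.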
Environment
export GITLAB_HOME=/srv/gitlab
sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab