← Volver a CVEs
CVE-2021-39935
MEDIUMCISA KEV6.8
Descripcion
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API
Detalles CVE
Puntuacion CVSS v3.16.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/13/2021
Ultima modificacion2/4/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorGitLab
ProductoCommunity and Enterprise Editions
Nombre vulnerabilidadGitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
Fecha inclusion KEV2026-02-03
Fecha limite remediacion2026-02-24
Uso en ransomwareUnknown
Productos afectados
gitlab:gitlab
Debilidades (CWE)
CWE-918CWE-918
Referencias
https://gitlab.com/gitlab-org/gitlab/-/issues/346187(cve@gitlab.com)
https://hackerone.com/reports/1236965(cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/346187(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1236965(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39935(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.