CVE-2021-39935
MEDIUM | CISA KEV | 6.8
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API.
CVE Details
CVSS v3.1 Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Published: 12/13/2021
Last Modified: 2/4/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: GitLab
Product: Community and Enterprise Editions
Vulnerability Name: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
KEV Date Added: 2026-02-03
Remediation Due Date: 2026-02-24
Ransomware Use: Unknown
Affected Products
gitlab:gitlab
Weaknesses (CWE)
CWE-918
References
https://gitlab.com/gitlab-org/gitlab/-/issues/346187 (cve@gitlab.com)
https://hackerone.com/reports/1236965 (cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/346187 (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1236965 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39935 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.