← Voltar para CVEs
CVE-2021-39935
MEDIUMCISA KEV6.8
Descricao
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API
Detalhes CVE
Pontuacao CVSS v3.16.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/13/2021
Ultima modificacao2/4/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorGitLab
ProdutoCommunity and Enterprise Editions
Nome da vulnerabilidadeGitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
Data inclusao KEV2026-02-03
Prazo de remediacao2026-02-24
Uso em ransomwareUnknown
Produtos afetados
gitlab:gitlab
Fraquezas (CWE)
CWE-918CWE-918
Referencias
https://gitlab.com/gitlab-org/gitlab/-/issues/346187(cve@gitlab.com)
https://hackerone.com/reports/1236965(cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/346187(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1236965(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39935(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.