CVE-2021-22205
Published: 23 April 2021
Summary
CVE-2021-22205 is a critical-severity Code Injection (CWE-94) vulnerability in GitLab Community Edition and Enterprise Edition. Its CVSS 3.1 base score is 10.0 (Critical).
Operationally, it ranks in the top fraction of a percent of all CVEs by exploit likelihood; CISA added it to the Known Exploited Vulnerabilities catalog on 3 November 2021; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection). Neither substitutes for upgrading to a fixed release (13.8.8, 13.9.6, 13.10.3 or later).
Deeper analysis
CVE-2021-22205 is classified under CWE-94 (Code Injection) and affects GitLab Community Edition and Enterprise Edition in all versions starting from 11.9; GitLab fixed it in 13.8.8, 13.9.6 and 13.10.3. The root cause was improper input validation: GitLab handed user-uploaded image files to a file parser (the bundled ExifTool, used for metadata handling) without checking that the bytes were in fact an image format it intended to support. A crafted file, specifically a DjVu container accepted by ExifTool's DjVu parser (CVE-2021-22204), reached that parser and resulted in remote command execution on the GitLab host.
The issue can be exploited remotely by unauthenticated attackers over the network with low attack complexity, no privileges and no user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). A successful attack yields complete loss of confidentiality, integrity and availability, and the 10.0 base score reflects the potential for full system compromise.
References such as the GitLab CVE repository entry, the associated issue tracker entry and the HackerOne report point to the official advisories and patches for remediation, while public exploit artifacts on PacketStorm demonstrate practical attack methods against the affected versions. Validation of the upload's contents, not its filename or declared Content-Type, is the control that would have kept the crafted file away from the parser.
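The following is an added example, not GitLab's code and not taken from the page's references. It demonstrates the input-validation control the page recommends (SI-10) as it applies to this vulnerability: decide what an uploaded file is from its bytes, allow only the container formats the parser is meant to receive, and cross-check against the attacker-supplied Content-Type. The weak extension-only check is shown alongside the hardened one. The allowlist, the function names and all sample inputs are constructed for this example; no real exploit file is reproduced, only the DjVu container header that the crafted files carried.

```python
"""Validate uploaded 'image' bytes before handing them to a metadata parser.

Added example, not GitLab's code.  It demonstrates the input-validation
control (NIST 800-53 SI-10) this page recommends: trust the file's bytes,
not its name or Content-Type, and only pass a file to a parser when its
real container format is on an allowlist.  DjVu is named in the denylist
because ExifTool's DjVu parser was the component reached in
CVE-2021-22205.  All sample inputs are constructed here.
"""
from typing import List, Optional, Tuple

Signature = List[Tuple[int, bytes]]  # (offset, expected bytes) pairs; all must match

# Container formats the upload endpoint is prepared to parse (assumed allowlist).
ALLOWED: List[Tuple[str, Signature]] = [
    ("image/jpeg", [(0, b"\xff\xd8\xff")]),
    ("image/png",  [(0, b"\x89PNG\r\n\x1a\n")]),
    ("image/gif",  [(0, b"GIF87a")]),
    ("image/gif",  [(0, b"GIF89a")]),
    ("image/webp", [(0, b"RIFF"), (8, b"WEBP")]),
]

# DjVu is an IFF-style container: "AT&TFORM", a 4-byte length, then a
# DJVU/DJVM/DJVI chunk at offset 12.  Naming it gives a precise rejection
# reason; anything else off the allowlist is rejected as unrecognised anyway.
DENIED: List[Tuple[str, Signature]] = [
    ("image/vnd.djvu", [(0, b"AT&TFORM"), (12, b"DJV")]),
]


def _matches(data: bytes, sig: Signature) -> bool:
    return all(data[off:off + len(want)] == want for off, want in sig)


def sniff(data: bytes) -> Optional[str]:
    """Return the allowlisted MIME type whose signature the bytes carry, else None."""
    for mime, sig in ALLOWED:
        if _matches(data, sig):
            return mime
    return None


def check_upload(filename: str, declared_type: str, data: bytes) -> Tuple[bool, str]:
    """Decide whether the upload may be passed to the image parser.

    Returns (ok, reason).  filename and declared_type are attacker-controlled
    and are used only to cross-check the type sniffed from the bytes.
    """
    for mime, sig in DENIED:
        if _matches(data, sig):
            return False, f"denied container format {mime}"
    actual = sniff(data)
    if actual is None:
        return False, "unrecognised or unsupported container format"
    if declared_type.split(";")[0].strip().lower() != actual:
        return False, f"declared {declared_type} but content is {actual}"
    return True, actual


def extension_only_check(filename: str) -> bool:
    """The weak pattern: accept anything whose name looks like an image.

    Shown only as the 'before' half of the comparison; a file named .jpg
    passes this check regardless of what its bytes contain.
    """
    return filename.lower().rsplit(".", 1)[-1] in {"jpg", "jpeg", "png", "gif", "webp"}


# Constructed sample inputs (not real files).
GOOD_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
DISGUISED_DJVU = b"AT&TFORM" + b"\x00\x00\x00\x20" + b"DJVUINFO" + b"\x00" * 32
TRUNCATED = b"\xff\xd8"


if __name__ == "__main__":
    for name, ctype, blob in [
        ("photo.jpg", "image/jpeg", GOOD_JPEG),
        ("photo.jpg", "image/jpeg", DISGUISED_DJVU),
        ("photo.jpg", "image/jpeg", TRUNCATED),
    ]:
        print(name, "ext-only:", extension_only_check(name), "bytes:", check_upload(name, ctype, blob))
```

The signature check is deliberately a whole-container decision made before any parser runs; it does not attempt to sanitise the file. Rejecting on a mismatch between the declared type and the sniffed type also catches the common case where a legitimate format is uploaded under the wrong label, which is worth logging separately from outright unknown content.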
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-9351
Vulnerability details
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
- CWE(s): CWE-94 (Improper Control of Generation of Code, 'Code Injection')
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
GitLab CE and EE, all versions from 11.9 before 13.8.8, 13.9.x before 13.9.6 and 13.10.x before 13.10.3.
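An added example, not GitLab's own tooling, that turns the affected range into a check an operator can run against a reported version string. It assumes the input looks like "13.9.5", "v13.10.2" or "13.10.2-ee" (the edition suffix is ignored), uses the patched releases 13.8.8, 13.9.6 and 13.10.3 from GitLab's April 2021 security release, and treats branches older than 13.8 as unpatched because they received no backport:

```python
"""Decide whether a GitLab version string falls in the CVE-2021-22205 affected range.

Added example, not GitLab's own tooling.  Affected: every release from 11.9
up to, but not including, the patched builds 13.8.8, 13.9.6 and 13.10.3.
Branches older than 13.8 received no backport, so they stay affected;
13.11 and later shipped with the fix.  Input is assumed to look like
"13.9.5", "v13.10.2" or "13.10.2-ee" (suffix ignored).
"""
import re
from typing import Tuple

Version = Tuple[int, int, int]

FIRST_AFFECTED: Version = (11, 9, 0)
FIXED_IN: Tuple[Version, ...] = ((13, 8, 8), (13, 9, 6), (13, 10, 3))
OLDEST_PATCHED_BRANCH: Tuple[int, int] = (13, 8)  # branches below this got no fix


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH][-suffix]' into an integer triple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(text: str) -> bool:
    """True if the version is at or above 11.9 and below the fix for its branch."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False
    for fixed in FIXED_IN:
        if v[:2] == fixed[:2]:            # same MAJOR.MINOR branch as a patched build
            return v < fixed
    # Not a patched branch: older branches never got the fix, newer ones include it.
    return v[:2] < OLDEST_PATCHED_BRANCH


def triage(text: str) -> str:
    """Human-readable verdict for a version string."""
    if is_affected(text):
        return f"{text}: AFFECTED by CVE-2021-22205; upgrade to 13.8.8, 13.9.6, 13.10.3 or later"
    return f"{text}: not affected"


if __name__ == "__main__":
    # Constructed sample versions covering each branch of the decision.
    for sample in ["11.8.9", "12.10.0", "13.7.9", "13.9.5", "13.9.6-ee", "13.10.2", "13.10.3", "14.3.0"]:
        print(triage(sample))
```

A version string alone does not prove the host is safe: a self-managed instance that was exploited before patching may still carry the attacker's persistence, so a "not affected" verdict on a recently upgraded host should be paired with the incident-response checks in the KEV entry rather than closing the ticket.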
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of image file inputs before they reach the parser, blocking the malformed content that triggers RCE in CVE-2021-22205. The check must be on the file's actual bytes and structure; validating the filename extension or the client-supplied Content-Type does not prevent a crafted file from reaching the parser.
- SI-3 (Malicious Code Protection): Deploys malicious-code detection mechanisms that can identify and block the command-execution payload delivered via the unvalidated image file.
- SI-7 (Software, Firmware, and Information Integrity): Requires integrity verification of the parser component and the files it is given, so that an unpatched or tampered parser, or an upload whose content does not match what it claims to be, is detected before it leads to remote command execution.