Threat Encyclopedia

GitLab.CVE-2021-22192.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit an Remote Code Execution Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE).
The vulnerability is due to insufficient check of the object. Successful exploitation could allow any user with push access to a wiki to execute arbitrary ruby code.

affected-products-logoAffected Products

GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 13.2.0 prior to 13.7.9
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 13.8.0 prior to 13.8.6
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 13.9.0 prior to 13.9.4

Impact

System Compromise: Remote attacker can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22192.json

CVE References

CVE-2021-22192