CVE-2021-22192

CRITICAL LAB

GitLab CE/EE <13.2 - Authenticated RCE

Title source: llm

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.

Exploits (3)

nomisec WORKING POC 36 stars

by EXP-Docs · poc

https://github.com/EXP-Docs/CVE-2021-22192

View Code ZIP pw:eip

nomisec WRITEUP 13 stars

by PetrusViet · poc

https://github.com/PetrusViet/Gitlab-RCE

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/lyy289065406/cve-2021-22192

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22192.json

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/324452

[Permissions Required, Third Party Advisory] https://hackerone.com/reports/1125425

Scores

CVSS v3 9.9

EPSS 0.8116

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull gitlab/gitlab-ee:13.2.0-ee.0

docker pull gitlab/gitlab-runner:ubuntu-v13.10.0

https://github.com/EXP-Docs/CVE-2021-22192

https://github.com/PetrusViet/Gitlab-RCE

https://github.com/lyy289065406/cve-2021-22192

View in Library

Details

Status published

Products (1)

gitlab/gitlab 13.2.0 - 13.7.9 (2 CPE variants)

Published Mar 24, 2021

Tracked Since Feb 18, 2026