CVE-2021-22201

CRITICAL

GitLab CE/EE <13.9 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-22201. PoCs published by c2at3, exp1orer.

AI-analyzed exploit summary This repository contains a functional Metasploit module for CVE-2021-22201, an arbitrary file read vulnerability in GitLab CE/EE. The exploit leverages a crafted import file to read files on the server, specifically targeting GitLab versions >=13.9, <13.9.5 and >=13.10, <13.10.1.

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.

Exploits (2)

gitlab WORKING POC 1 stars

by c2at3 · poc

https://gitlab.com/c2at3/build-the-exploit-module-cve-2021-22201-for-metasploit-framework

View Code ZIP pw:eip

This repository contains a functional Metasploit module for CVE-2021-22201, an arbitrary file read vulnerability in GitLab CE/EE. The exploit leverages a crafted import file to read files on the server, specifically targeting GitLab versions >=13.9, <13.9.5 and >=13.10, <13.10.1.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: GitLab CE/EE (>=13.9, <13.9.5 and >=13.10, <13.10.1)

Auth required

Prerequisites: valid GitLab credentials · access to the GitLab instance · PoC-CVE-2021-22201.tar.gz file

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 23, 2026 Full analysis →

nomisec WORKING POC 1 stars

by exp1orer · poc

https://github.com/exp1orer/CVE-2021-22201

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-22201, an arbitrary file read vulnerability in GitLab. The exploit automates the process of logging in, creating a project, and exporting it to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: GitLab 13.9.0 to 13.9.4

Auth required

Prerequisites: Valid GitLab credentials · Network access to the target GitLab instance

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Broken Link x_refsource_misc

https://gitlab.com/gitlab-org/gitlab/-/issues/325562

Permissions Required, Third Party Advisory x_refsource_misc

https://hackerone.com/reports/1132378

Vendor Advisory x_refsource_confirm

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22201.json

Scores

CVSS v3 9.6

EPSS 0.0307

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Details

Status published

Products (1)

gitlab/gitlab 13.9.0 - 13.9.5 (2 CPE variants)

Published Apr 02, 2021

Tracked Since Feb 18, 2026