CVE-2021-22206

MEDIUM

GitLab 11.6.0-13.9.6 - Cleartext Storage of Sensitive Information in Pull Mirror Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-22206. PoCs published by dannymas.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-22205, leveraging a malicious file upload vulnerability in GitLab. The exploit crafts a multipart form request with a malicious image file to achieve remote code execution (RCE).

Description

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

Exploits (1)

nomisec WORKING POC
by dannymas · poc
https://github.com/dannymas/CVE-2021-22206

This repository contains a functional exploit for CVE-2021-22205, leveraging a malicious file upload vulnerability in GitLab. The exploit crafts a multipart form request with a malicious image file to achieve remote code execution (RCE).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitLab
Auth required
Prerequisites: Valid session token (CSRF token) · Access to the target GitLab instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/928074

Scores

CVSS v3 6.8
EPSS 0.0012
EPSS Percentile 29.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-312
Status published
Products (1)
gitlab/gitlab 11.6.0 - 13.9.7 (2 CPE variants)
Published May 06, 2021
Tracked Since Feb 18, 2026