External risk intelligence

GitLab CI Lint API Server-Side Request Forgery

CVE advisory · Known Exploit

CVE-2021-39935

GitLab Community and Enterprise Editions (10.5 before 14.3.6, 14.4 before 14.4.4 and 14.5 before 14.5.2) contain a server-side request forgery flaw in the CI Lint API: an unauthorized external user can make the GitLab server issue requests on their behalf. Because those requests originate from the GitLab host, they can reach internal systems and data that are not otherwise exposed, which is a business risk. Organizations are advised to apply the vendor patches.

Halo Surface Signal: 4

Server-Side Request Forgery

Gitlab

10.5.0 to before 14.3.6
14.4.0 to before 14.4.4
14.5.0 to before 14.5.2

External exposure likelihood

Halo Surface Signal score for CVE-2021-39935

GitLab is commonly deployed as an internet-facing application platform and development gateway. The vulnerability exists within the CI Lint API, which is a component of the web interface and API surface often exposed to developers and automated systems in remote or external network environments.

Horizon Alert

Summary of the vulnerability and why it matters

GitLab Community and Enterprise Editions contain a flaw in the CI Lint API that allows external users, without authorization, to make the GitLab server issue server-side requests. This can expose internal systems and data that are reachable only from the GitLab host. The affected releases are 10.5 before 14.3.6, 14.4 before 14.4.4 and 14.5 before 14.5.2.

  • Vulnerable GitLab CI Lint API
  • Unauthorized server-side requests
  • Exposure of internal systems

Attack Path

How an attacker could exploit the issue

An attacker sends a crafted request to GitLab's CI Lint API that causes the GitLab server to issue a request to a destination of the attacker's choosing. Because that request originates from the GitLab host, it can reach services that are not exposed to the internet and that may trust traffic coming from that host. What the attacker gains depends on what those internal services accept from such a request: at minimum the ability to probe them and read what they return, and potentially more if they act on unauthenticated requests from the GitLab host.

  • Exposure via the CI Lint API.
  • Unauthorized external user access.
  • Triggering server-side requests from the GitLab host.
  • Reaching internal services that trust the GitLab host.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability in GitLab Community and Enterprise Editions allows unauthorized external users to make the GitLab server issue server-side requests. This lets attackers interact with internal systems or external services that the GitLab server can reach. Organizations should treat this as a high-risk issue given the potential for unauthorized data access or system compromise.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Organizations should address the GitLab vulnerability that lets unauthorized external users make the server issue requests on their behalf. It affects GitLab Community and Enterprise Editions and is reached through the CI Lint API. The vulnerability has a HIGH severity rating and is listed on the CISA Known Exploited Vulnerabilities catalog.

  • Find exposed GitLab instances.
  • Reduce access to the CI Lint API.
  • Apply vendor patches and verify.
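As an added example (not code from this page's source or from GitLab), the script below applies the detection side of these actions to GitLab's api_json.log: it flags POSTs to the CI Lint endpoints that come from outside a trusted source range, that carry no authenticated user, or whose submitted content names an internal address. The endpoint paths are GitLab's documented `/api/v4/ci/lint` and `/api/v4/projects/<id>/ci/lint`; the log field names follow the api_json.log JSON-lines layout. The trusted network and the sample log lines are constructed for illustration, and the internal-address check is a generic SSRF heuristic (an SSRF has to name its target somewhere in the request), not a statement about this CVE's exact trigger.

```python
"""Flag CI Lint API calls in GitLab's api_json.log that look like SSRF probing.

Added example, not the page's or GitLab's own code. Assumes the JSON-lines
layout of api_json.log ("time", "method", "path", "remote_ip", "username",
"params"); TRUSTED_NETS and SAMPLE_LOG are constructed for illustration.
"""
import ipaddress
import json
import re

# Source ranges from which lint calls are expected (constructed: runners, office egress).
TRUSTED_NETS = ("10.0.0.0/8",)

# Destinations an SSRF is typically aimed at: private, loopback and link-local space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]
# Hostnames that only resolve inside a network (generic heuristic, not CVE-specific).
INTERNAL_NAME = re.compile(r"^(localhost|metadata\.google\.internal|[\w.-]+\.(?:internal|local|svc))$", re.I)
URL_HOST = re.compile(r"https?://(\[[^\]]+\]|[^/\s:'\"]+)", re.I)


def is_ci_lint(path):
    """Both lint endpoints GitLab documents: global and project-scoped."""
    return path == "/api/v4/ci/lint" or (
        path.startswith("/api/v4/projects/") and path.endswith("/ci/lint"))


def references_internal_host(text):
    """Heuristic: does any URL in the submitted text point at an internal host?"""
    for host in URL_HOST.findall(text):
        host = host.strip("[]")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:                      # a name, not an address
            if INTERNAL_NAME.match(host):
                return True
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return False


def classify(event, trusted_nets):
    """Return the reasons (possibly none) an event looks like CI Lint abuse."""
    reasons = []
    if event.get("method") != "POST" or not is_ci_lint(event.get("path", "")):
        return reasons
    try:
        src = ipaddress.ip_address(event.get("remote_ip", ""))
    except ValueError:
        src = None
    if src is None or not any(src in net for net in trusted_nets):
        reasons.append("ci_lint_from_untrusted_ip")
    if not event.get("username"):                # no authenticated user on the call
        reasons.append("ci_lint_unauthenticated")
    if references_internal_host(json.dumps(event.get("params", []))):
        reasons.append("internal_host_in_lint_content")
    return reasons


def scan(log_lines, trusted_nets=TRUSTED_NETS):
    """Return (time, remote_ip, reasons) for every suspicious line; skip malformed ones."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in log_lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        reasons = classify(event, nets)
        if reasons:
            hits.append((event.get("time"), event.get("remote_ip"), reasons))
    return hits


# Constructed sample lines in the api_json.log layout (not real traffic).
SAMPLE_LOG = r'''
{"time":"2021-12-01T10:00:01.000Z","method":"POST","path":"/api/v4/ci/lint","remote_ip":"203.0.113.7","username":null,"status":200,"params":[{"key":"content","value":"include:\n  - remote: http://169.254.169.254/latest/meta-data/\n"}]}
{"time":"2021-12-01T10:00:02.000Z","method":"POST","path":"/api/v4/projects/42/ci/lint","remote_ip":"10.20.3.4","username":"alice","status":200,"params":[{"key":"content","value":"build:\n  script: make\n"}]}
{"time":"2021-12-01T10:00:03.000Z","method":"GET","path":"/api/v4/projects/42","remote_ip":"203.0.113.7","username":null,"status":200,"params":[]}
{"time":"2021-12-01T10:00:04.000Z","method":"POST","path":"/api/v4/ci/lint","remote_ip":"198.51.100.9","username":"bob","status":200,"params":[{"key":"content","value":"include:\n  - remote: https://gitlab.com/group/templates/-/raw/main/ci.yml\n"}]}
'''

if __name__ == "__main__":
    for when, src, why in scan(SAMPLE_LOG.splitlines()):
        print(when, src, ", ".join(why))
```

Run against the real file with `scan(open("/var/log/gitlab/gitlab-rails/api_json.log"))` and your own trusted ranges. A lint call that trips all three reasons at once is the one to look at first; a legitimate developer linting from a laptop will usually trip only the source-range check, which is why the reasons are reported separately rather than collapsed into a single verdict.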

Frequently asked questions

What is the nature of the vulnerability in GitLab's CI Lint API?

GitLab Community and Enterprise Editions have a vulnerability in the CI Lint API that allows unauthorized external users to perform Server Side Requests. This means an attacker could trick the GitLab server into making requests to internal or external resources it has access to.

Which GitLab versions are affected by this Server-Side Request Forgery vulnerability?

The vulnerability affects GitLab versions starting from 10.5 before 14.3.6, versions from 14.4 before 14.4.4, and versions from 14.5 before 14.5.2. Applying patches or updating to later versions is recommended.
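The three ranges are easy to misread under pressure: a 14.3.x instance is fixed from 14.3.6, but a 14.4.0 instance stays vulnerable until 14.4.4. As an added example that is not the page's or GitLab's own code, the following script encodes the ranges exactly as stated and reports, for any version string, whether it is affected and which release on its line first carries the fix. `fetch_version` is an optional helper for GitLab's documented, authenticated `GET /api/v4/version` endpoint (needs network access and a personal access token); the version strings in the example run are constructed.

```python
"""Check GitLab version strings against the affected ranges for CVE-2021-39935.

Added example, not the page's or GitLab's own code. The ranges are those the
advisory lists; the version strings in the example run are constructed.
fetch_version is optional and needs network access plus a personal access token.
"""
import json
import re
import sys
import urllib.request

# (first affected, first fixed) per release line, straight from the advisory.
AFFECTED_RANGES = (
    ((10, 5, 0), (14, 3, 6)),
    ((14, 4, 0), (14, 4, 4)),
    ((14, 5, 0), (14, 5, 2)),
)


def parse_version(text):
    """'14.3.5-ee', 'v14.4.2', '14.5' -> (major, minor, patch).

    Edition suffixes and pre-release tags are ignored, so 14.3.6-rc1 is
    treated as 14.3.6; treat release candidates with suspicion."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True when the version falls inside any [first affected, first fixed) range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def first_fixed(version):
    """First release on the same line that carries the fix, or None if not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(map(str, hi))
    return None


def fetch_version(base_url, token):
    """Read the running version from GitLab's GET /api/v4/version (authenticated)."""
    req = urllib.request.Request(base_url.rstrip("/") + "/api/v4/version",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


def report(version):
    """One-line verdict for a version string."""
    fix = first_fixed(version)
    if fix is None:
        return f"{version}: not affected"
    return f"{version}: AFFECTED, upgrade to >= {fix}"


if __name__ == "__main__":
    if len(sys.argv) == 3:          # python check.py https://gitlab.example.com <token>
        print(report(fetch_version(sys.argv[1], sys.argv[2])))
    else:                           # constructed versions that sit on the range boundaries
        for v in ("13.12.15-ee", "14.3.5", "14.3.6", "14.4.3-ce", "14.4.4",
                  "14.5.1", "14.5.2", "10.4.9"):
            print(report(v))
```

Treat the reported release as the minimum, not the target: GitLab's upgrade path requires intermediate stops for large jumps, so a 13.x instance will not go straight to 14.3.6, and the latest patched release on a supported line is the better destination in any case. Re-run the check after the upgrade rather than trusting the change ticket.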

How can an attacker exploit the GitLab CI Lint API vulnerability?

An attacker can exploit this by sending specific requests to the CI Lint API. This API, often exposed externally, allows unauthorized users to initiate server-side requests, potentially leading to access to internal systems or sensitive data.

What is the severity and relevance of the GitLab CI Lint API SSRF vulnerability?

This vulnerability is rated as HIGH severity, with a CVSS base score of 7.5. It is also listed on the Known Exploited Vulnerabilities catalog, indicating active exploitation and a high level of relevance for organizations using the affected GitLab versions.

What steps should organizations take to mitigate the GitLab CI Lint API SSRF vulnerability?

Organizations should identify exposed GitLab instances, restrict access to the CI Lint API where possible, and apply vendor-provided patches promptly. Following vendor instructions and applicable guidance for cloud services is crucial.
