CVE-2021-22205CISA KEV: Actively Exploited

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Public Exploits & PoCs23 found

PoC: CVE-2021-22205

CVE-2021-22205& GitLab CE/EE RCE

209

PoC: CVE-2021-22205

GitLab CE/EE Preauth RCE using ExifTool

142

PoC: CVE-2021-22205

Pocsuite3 For CVE-2021-22205

87

PoC: CVE-2021-22205

CVE-2021-22205 Unauthorized RCE

70

PoC: CVE-2021-22205

CVE-2021-22205未授权漏洞批量检测与利用工具

28

PoC: CVE-2021-22205

CVE-2021-22205 Gitlab 未授权远程代码执行漏洞 EXP, 移除了对djvumake & djvulibre的依赖,可在win平台使用

19

PoC: CVE-2021-22205

CVE-2021-22205 RCE

12

PoC: CVE-2021-22205

Gitlab CE/EE RCE 未授权远程代码执行漏洞 POC && EXP CVE-2021-22205

7

PoC: Golang-CVE-2021-22205-POC

A CVE-2021-22205 Gitlab RCE POC written in Golang

3

PoC: CVE-2021-22205-getshell

CVE-2021-22205-getshell

3

PoC: GitLab-CVE-2021-22205-

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

2

PoC: GitLab-preauth-RCE_CVE-2021-22205

PoC in single line bash

2

PoC: cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated-

GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated) cve-2021-22205

1

PoC: cve-2021-22205-hash-harvester

Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205 (https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json) for use in fingerprinting.

1

PoC: GitLab-cve-2021-22205-nse

NSE script to fingerprint if GitLab is vulnerable to cve-2021-22205-nse

1

[POC] GHSA-3mgp-fx93-9xv5 — CVE-2021-22205

CVE-2021-22205 - GitLab Unauthenticated Remote Code Execution

PoC: CVE-2021-22205

CVE-2021-22205& GitLab CE/EE RCE

PoC: CVE-2021-22205

CVE-2021-22205 exploit script

PoC: gitlab-cve-2021-22205

A simple bash script that exploits CVE-2021-22205 against vulnerable instances of gitlab

PoC: CVE-2021-22205

CVE-2021-22205 检测脚本,支持getshell和命令执行

PoC: Gitlab-CVE-2021-22205

CVE-2021-22205 的批量检测脚本

PoC: Automated-Gitlab-RCE

Automated Gitlab RCE via CVE-2021-22205

PoC: CVE-2021-22205

CVE-2021-22205& GitLab CE/EE RCE

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free