IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004


CVE-2021-22205

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in remote command execution.

POC

Reference

- http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html

- http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html

Github

- https://github.com/0x0021h/expbox

- https://github.com/0xMarcio/cve

- https://github.com/0xget/cve-2001-1473

- https://github.com/0xn0ne/simple-scanner

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/34zY/APT-Backpack

- https://github.com/84634E1A607A/thuctf-2022-wp

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AkBanner/CVE-2021-22205

- https://github.com/Al1ex/CVE-2021-22205

- https://github.com/Andromeda254/cve

- https://github.com/Awrrays/FrameVul

- https://github.com/CLincat/vulcat

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Catbamboo/Catbamboo.github.io

- https://github.com/DIVD-NL/GitLab-cve-2021-22205-nse

- https://github.com/Drajoncr/AttackWebFrameworkTools

- https://github.com/FDlucifer/firece-fish

- https://github.com/GhostTroops/TOP

- https://github.com/GitLab-Red-Team/cve-hash-harvester

- https://github.com/Hatcat123/my_stars

- https://github.com/Hikikan/CVE-2021-22205

- https://github.com/HimmelAward/Goby_POC

- https://github.com/Jeromeyoung/CVE-2021-22210

- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection

- https://github.com/Loginsoft-Research/Linux-Exploit-Detection

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/Mr-zny/fofa_crawler

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NukingDragons/gitlab-cve-2021-22205

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Parker-Corbitt/CS4770_CVE

- https://github.com/Qclover/Gitlab_RCE_CVE_2021_22205

- https://github.com/SYRTI/POC_to_review

- https://github.com/SanStardust/POC-scan

- https://github.com/Seals6/CVE-2021-22205

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Threekiii/Awesome-Exploit

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Awesome-Redteam

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/WhooAmii/POC_to_review

- https://github.com/X1pe0/Automated-Gitlab-RCE

- https://github.com/XTeam-Wing/CVE-2021-22205

- https://github.com/XiaoliChan/Xiaoli-Tools

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZZ-SOCMAP/CVE-2021-22205

- https://github.com/ahmad4fifz/CVE-2021-22205

- https://github.com/al4xs/CVE-2021-22205-gitlab

- https://github.com/antx-code/CVE-2021-22205

- https://github.com/asdaweee/GitLabRCECVE-2021-22205-GUI

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/binganao/vulns-2022

- https://github.com/brunsu/woodswiki

- https://github.com/c0okB/CVE-2021-22205

- https://github.com/cc3305/CVE-2021-22205

- https://github.com/cc8700619/poc

- https://github.com/cyberwithcyril/VulhubPenTestingReport

- https://github.com/dannymas/CVE-2021-22206

- https://github.com/devdanqtuan/CVE-2021-22205

- https://github.com/dial25sd/arf-vulnerable-vm

- https://github.com/faisalfs10x/GitLab-CVE-2021-22205-scanner

- https://github.com/findneo/GitLab-preauth-RCE_CVE-2021-22205

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/hanc00l/pocGoby2Xray

- https://github.com/hanc00l/some_pocsuite

- https://github.com/heltsikker/hsctf22

- https://github.com/hh-hunter/cve-2021-22205

- https://github.com/hhhotdrink/CVE-2021-22205

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/honypot/CVE-2021-22205

- https://github.com/huimzjty/vulwiki

- https://github.com/inspiringz/CVE-2021-22205

- https://github.com/j5s/Polaris

- https://github.com/jas502n/GitlabVer

- https://github.com/jusk9527/GobyPoc

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/keven1z/CVE-2021-22205

- https://github.com/kh4sh3i/Gitlab-CVE

- https://github.com/killvxk/Awesome-Exploit

- https://github.com/liaboveall/SecureGuard-WAF

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/manas3c/CVE-POC

- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0

- https://github.com/momika233/cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated-

- https://github.com/mr-r3bot/Gitlab-CVE-2021-22205

- https://github.com/n0-traces/cve_monitor

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/octane23/CASE-STUDY-1

- https://github.com/osungjinwoo/CVE-2021-22205-gitlab

- https://github.com/overgrowncarrot1/DejaVu-CVE-2021-22205

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/pen4uin/awesome-vulnerability-research

- https://github.com/pen4uin/vulnerability-research

- https://github.com/pen4uin/vulnerability-research-list

- https://github.com/pizza-power/Golang-CVE-2021-22205-POC

- https://github.com/r0eXpeR/CVE-2021-22205

- https://github.com/ramimac/aws-customer-security-incidents

- https://github.com/runsel/GitLab-CVE-2021-22205-

- https://github.com/sanqiushu-ns/POC-scan

- https://github.com/shang159/CVE-2021-22205-getshell

- https://github.com/shengshengli/AttackWebFrameworkTools-5.0

- https://github.com/soosmile/POC

- https://github.com/superfish9/pt

- https://github.com/tanjiti/sec_profile

- https://github.com/trganda/starrlist

- https://github.com/trhacknon/Pocingit

- https://github.com/w0x68y/Gitlab-CVE-2021-22205

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whoforget/CVE-POC

- https://github.com/whwlsfb/CVE-2021-22205

- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-

- https://github.com/woods-sega/woodswiki

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/youwizard/CVE-POC

- https://github.com/zecool/cve