UBUNTU-CVE-2021-22175
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 11 Jun 2021, 16:15
Last modified: 19 Feb 2026, 19:27
Vulnerability Summary
Overall Risk (default)
medium
27/100
CVSS Score
6.8 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Jun 2021, 16:15
Published
Vulnerability first disclosed
19 Feb 2026, 19:27
Last Modified
Vulnerability information updated
Description
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab, affecting all versions starting from 10.5, could be exploited by an unauthenticated attacker even on a GitLab instance where registration is disabled.
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.8 • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected Systems
- ubuntu • gitlab • all
References (6)
- https://ubuntu.com/security/CVE-2021-22175
- https://gitlab.com/gitlab-org/gitlab/-/issues/294178
- https://hackerone.com/reports/1059596
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json
- https://www.cve.org/CVERecord?id=CVE-2021-22175
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog