## https://sploitus.com/exploit?id=FC5EF359-9770-55B8-9E87-4F9044AE36F1
# CVE-2021-22205
[![Build status](https://ci.appveyor.com/api/projects/status/id6kdgvapm31mkvi?svg=true)](https://ci.appveyor.com/project/ahmad4fifz/cve-2021-22205)
This repository deploys GitLab Enterprise Edition (13.9.5), which is vulnerable to [CVE-2021-22205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205), in a Docker container.
## Description:
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
## Requirement:
Requires at least 4 CPUs, 8GB RAM and 160GB storage if using a DigitalOcean droplet (around $40 per month).
## Setup:
```
docker-compose up --build -d
```
## Volumes:
- ./config:/etc/gitlab
- ./logs:/var/log/gitlab
- ./data:/var/opt/gitlab
## References:
- https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205
- https://about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
## License
Released under [MIT](/LICENSE) by [@ahmad4fifz](https://github.com/ahmad4fifz).