CISA KEV Information
| Vulnerability Name | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability |
|---|---|
| Description | GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API. |
| Required Action | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Known Ransomware Campaign Use | Unknown |
| CWE | CWE-918 |
| Date Added (KEV) | 2026-02-03 |
| Due Date | 2026-02-24 |
| Additional Notes | https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-39935 |
NVD Details
CVSS v3.1: 6.8 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS v2.0: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API.
CWE: CWE-918
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json [Third Party Advisory]
- https://gitlab.com/gitlab-org/gitlab/-/issues/346187 [Issue Tracking, Vendor Advisory]
- https://hackerone.com/reports/1236965 [Permissions Required, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39935 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.