This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: GitLab CE/EE suffers from an SSRF vulnerability via the **CI Lint API**.β¦
π‘οΈ **Root Cause**: Improper validation in the **CI Lint API** endpoint. <br>β οΈ **Flaw**: Allows external inputs to trigger internal server requests without sufficient checks.β¦
π¦ **Affected Versions**: <br>β’ 10.5.x up to **14.3.6** <br>β’ 14.4.x up to **14.4.4** <br>β’ 14.5.x up to **14.5.2** <br>π’ **Vendor**: GitLab (CE/EE). π Published: 2021-12-13. π
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Attacker Action**: Execute **Server-Side Requests** (SSRF). <br>π **Privileges**: No authentication required (PR:N). <br>π **Impact**: High Confidentiality (C:H), System Change (S:C).β¦
π **Public Exp**: No specific PoC code provided in data. <br>π **References**: HackerOne Report #1236965 & GitLab Issues #346187 exist. <br>β οΈ **Status**: Theoretical/Confirmed, but no wild exploit script listed. π«
Q7How to self-check? (Features/Scanning)
π **Check**: Scan for GitLab instances exposing the **CI Lint API**. <br>π οΈ **Tool**: Use vulnerability scanners to detect version < 14.5.2. <br>π **Visual**: Look for unauthenticated access to CI linting endpoints. π‘
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: Yes! <br>π§ **Patches**: <br>β’ Upgrade to **14.3.7+** <br>β’ Upgrade to **14.4.5+** <br>β’ Upgrade to **14.5.3+** <br>π₯ **Action**: Update immediately to the latest stable version. π
Q9What if no patch? (Workaround)
π‘οΈ **Workaround**: If patching is delayed, **restrict access** to the CI Lint API. <br>π§ **Mitigation**: Use WAF rules to block unauthenticated requests to `/api/v4/ci/lint`.β¦