CVE-2021-39867 - In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer

CVE-2021-39867

Summary

In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39867.json
https://gitlab.com/gitlab-org/gitlab/-/issues/214401

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

05-10-2021 - 13:26

Published

05-10-2021 - 13:15

Last modified

05-10-2021 - 13:26