{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T11:41:57.517","vulnerabilities":[{"cve":{"id":"CVE-2021-22175","sourceIdentifier":"cve@gitlab.com","published":"2021-06-11T16:15:09.023","lastModified":"2026-02-20T02:00:02.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled"},{"lang":"es","value":"Cuando se habilitan las peticiones a la red interna para los webhooks, una vulnerabilidad de tipo server-side request forgery en GitLab que afecta a todas las versiones desde 10.5, era posible explotar por un atacante no autenticado incluso en una instancia de GitLab en la que el registro está deshabilitado"}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2026-02-18","cisaActionDue":"2026-03-11","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"GitLab Server-Side Request Forgery (SSRF) Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"10.5.0","versionEndExcluding":"13.6.7","matchCriteriaId":"DE63DB65-205A-4ED6-8B6C-2B2B33F1E757"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.5.0","versionEndExcluding":"13.6.7","matchCriteriaId":"C3B65808-C140-43B2-8264-56A1BCE86A86"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"13.7.0","versionEndExcluding":"13.7.7","matchCriteriaId":"4BBAF21A-84DD-4987-B4BE-2A8CAA44210A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.7.0","versionEndExcluding":"13.7.7","matchCriteriaId":"9AE735A5-FC67-4B16-B27B-86C51C8771C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"13.8.0","versionEndExcluding":"13.8.4","matchCriteriaId":"D3009669-C930-4517-914D-5DB9A0E40B59"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.8.0","versionEndExcluding":"13.8.4","matchCriteriaId":"9F7976E8-BDA5-4104-AC3E-38C02CC613A7"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json","source":"cve@gitlab.com","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/294178","source":"cve@gitlab.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://hackerone.com/reports/1059596","source":"cve@gitlab.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/294178","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://hackerone.com/reports/1059596","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22175","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}