Description

Gitlab CI Lint API allows validating CI/CD YAML configuration from remote servers. It doesn't require authentication. An attacker may use this feature to perform SSRF (Server-side request forgery) attacks on the server.

Remediation

Upgrade to the latest version of Gitlab

References

GitLab

Related Vulnerabilities

JavaMelody XML External Entity (XXE) vulnerability

XSLT injection

ColdFusion JNDI injection RCE

Auxiliary systems SSRF

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.6)

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Acumonitor SSRF