1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2021-22205 Mappings

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-22205 GitLab Community and Enterprise Editions Remote Code Execution Vulnerability primary_impact T1498 Network Denial of Service
Comments
CVE-2021-22205 is a Remote Code Execution Vulnerability on GitLab Community and Enterprise Editions where threat actors have been reported to actively exploit the security flaw to co-opt unpatched GitLab servers into a botnet and launch distributed denial of service (DDoS) attacks
References
  1. https://therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps
  2. https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html
CVE-2021-22205 GitLab Community and Enterprise Editions Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2021-22205 is a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands on affected systems. The vulnerability was reported to be actively exploited for o assemble botnets and launch gigantic distributed denial of service (DDoS) attacks.
References
  1. https://therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps
  2. https://www.bleepingcomputer.com/news/security/over-30-000-gitlab-servers-still-unpatched-against-critical-bug/
CVE-2021-22205 GitLab Community and Enterprise Editions Remote Code Execution Vulnerability secondary_impact T1498 Network Denial of Service
Comments
CVE-2021-22205 is a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands on affected systems. The vulnerability was reported to be actively exploited for o assemble botnets and launch gigantic distributed denial of service (DDoS) attacks.
References
  1. https://therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps
  2. https://www.bleepingcomputer.com/news/security/over-30-000-gitlab-servers-still-unpatched-against-critical-bug/
CVE-2021-22205 GitLab Community and Enterprise Editions Remote Code Execution Vulnerability secondary_impact T1496 Resource Hijacking
Comments
CVE-2021-22205 is a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands on affected systems. The vulnerability was reported to be actively exploited for o assemble botnets and launch gigantic distributed denial of service (DDoS) attacks.
References
  1. https://therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps
  2. https://www.bleepingcomputer.com/news/security/over-30-000-gitlab-servers-still-unpatched-against-critical-bug/
CVE-2021-22205 GitLab Community and Enterprise Editions Remote Code Execution Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-22205 is a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands on affected systems. The vulnerability was reported to be actively exploited for o assemble botnets and launch gigantic distributed denial of service (DDoS) attacks.
References
  1. https://therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps
  2. https://www.bleepingcomputer.com/news/security/over-30-000-gitlab-servers-still-unpatched-against-critical-bug/