POC details: 77698c0baddf535497fc28d849e3a78c0ee93ce4

Source
Related vulnerability
Title: GitLab code injection vulnerability (CVE-2021-22205)
Description: GitLab is an open-source end-to-end software development platform from the US company GitLab, with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery) and other features. GitLab Community Edition has a code injection vulnerability caused by improper input validation in the image parser when it handles image files. The following products and versions are affected: Gitlab Community Edition: 11.9.0, 11.9.1, 11.9.2, 11.9.3, 11.9.4, 11.9.5, 11.9.6, 11.9.7, 11.9.8, 11.9.9, 11
Description
CVE-2021-22205 exploit script
Introduction
# CVE-2021-22205 

> Preauth RCE via exiftool on Gitlab CE/EE 

## Summary of the CVE

GitLab runs ExifTool on every uploaded tiff/jpeg/jpg file to strip any metadata tags that are not whitelisted.
ExifTool, however, does not rely on the file extension to determine the file type; it identifies the format from the file's content. An attacker can therefore upload any file, rename it to .tiff/.jpeg/.jpg, and have it handed to any of ExifTool's supported parsers.
When parsing DjVu files, ExifTool passes DjVu annotation tokens through eval in order to convert C escape sequences; that eval is the code-injection point.
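The summary above rests on a mismatch: the upload path trusts the file extension while ExifTool dispatches on file content. The defensive counterpart is an upload gate that also sniffs the content and accepts only the formats the path is meant to handle. The following is an added example written for this page, not code from the POC repository or from GitLab; the function names, the whitelist of signatures and the sample uploads are all constructed for illustration.

```python
"""Added example (not part of the POC repository or of GitLab):
reject uploads whose leading bytes do not match the image type that
their file name claims.

Because content-sniffing parsers such as ExifTool choose a parser from
the bytes, an upload gate that checks only the extension lets any
supported format through under a .jpg/.jpeg/.tiff name. This gate does
the opposite: a file is accepted only when its magic number is one that
is whitelisted for the claimed extension.
"""
import os

# Magic-number prefixes for the formats the upload path expects.
# Anything else, including other formats ExifTool can parse, is rejected.
ALLOWED_SIGNATURES = {
    ".jpg":  [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".tiff": [b"II*\x00", b"MM\x00*"],   # little- and big-endian TIFF
    ".tif":  [b"II*\x00", b"MM\x00*"],
}


def sniff_allowed(filename: str, data: bytes) -> bool:
    """Return True only if `data` starts with a signature permitted for
    the extension of `filename`. Extensions outside the whitelist are
    rejected outright, as are files too short to carry a signature."""
    ext = os.path.splitext(filename)[1].lower()
    sigs = ALLOWED_SIGNATURES.get(ext)
    if not sigs:
        return False
    return any(data.startswith(sig) for sig in sigs)


def triage_uploads(uploads):
    """Classify (filename, bytes) pairs and return (filename, verdict) pairs,
    so the decision can be logged or fed to an alerting rule."""
    return [(name, "accept" if sniff_allowed(name, blob) else "reject")
            for name, blob in uploads]


# Constructed sample uploads for demonstration (not real captures).
SAMPLE_UPLOADS = [
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),     # genuine JPEG header
    ("scan.tiff", b"II*\x00" + b"\x08\x00\x00\x00"),       # little-endian TIFF header
    ("disguised.jpg", b"<html><body>x</body></html>"),     # non-JPEG bytes under a .jpg name
    ("notes.txt", b"hello"),                               # extension not in the whitelist
]

if __name__ == "__main__":
    for name, verdict in triage_uploads(SAMPLE_UPLOADS):
        print(f"{name}: {verdict}")
```

A magic-number check is a coarse, defence-in-depth gate: it blocks the plain rename trick the summary describes, but it does not replace upgrading to a fixed GitLab release from the version ranges listed below, and a rejected-upload verdict is worth logging as a detection signal in its own right.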

## Affected Versions

- Gitlab CE/EE >= 11.9 < 13.8.8 
- Gitlab CE/EE >= 13.9 < 13.9.6
- Gitlab CE/EE >= 13.10 < 13.8.8

## Anomalies

Uploads an image file to the server.

## References

- [Original Report - vakzz, Apr 07 2021](https://gitlab.com/gitlab-org/gitlab/-/issues/327121)
- [Github POC - Al1ex, Oct 29 2021](https://github.com/Al1ex/CVE-2021-22205)
- [CVE-details - CVSS Score 10.0](https://www.cvedetails.com/cve/CVE-2021-22205/)
File snapshot

[4.0K] /data/pocs/77698c0baddf535497fc28d849e3a78c0ee93ce4
├── [ 38K] CVE-2021-22205.py
├── [ 959] README.md
└── [   9] requirements.txt

0 directories, 3 files