CVE-2021-22175

Basic Information

CVE State
PUBLISHED
Reserved Date
January 05, 2021
Published Date
June 11, 2021
Last Updated
February 19, 2026
Vendor
GitLab
Product
GitLab
Description
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab, affecting all versions starting from 10.5, could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is disabled.
Tags
cisa nuclei_scanner

CVSS Scores

CVSS v3.1

6.8 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:59:30 UTC)

Known Exploited Vulnerability Information

Source
CVE
Added Date
2026-06-01 10:59:30 UTC

Scanner Integrations

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei