CVE-2021-22190
📋 TL;DR
This path traversal vulnerability in GitLab Workhorse allows attackers to read JWT tokens by manipulating file paths. All GitLab versions before the patched releases are affected, potentially exposing authentication credentials and sensitive data.
💻 Affected Systems
- GitLab
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain JWT tokens and gain unauthorized access to GitLab instances, potentially compromising source code, CI/CD pipelines, and user data.
Likely Case
Unauthorized access to GitLab repositories and sensitive configuration data through stolen authentication tokens.
If Mitigated
Limited impact with proper network segmentation and monitoring, though token exposure remains a concern.
🎯 Exploit Status
Exploitation requires path traversal techniques to access JWT tokens
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 13.9.6, 13.10.3, or 13.11.0
Vendor Advisory: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22190.json
Restart Required: Yes
Instructions:
1. Back up the GitLab instance.
2. Update to a patched version via the package manager.
3. Restart GitLab services.
4. Verify the update with a version check.
🔧 Temporary Workarounds
Network segmentation
Restrict access to GitLab instances to trusted networks only
JWT token monitoring
Monitor for unusual JWT token usage patterns
🧯 If You Can't Patch
- Implement strict network access controls to limit GitLab exposure
- Enable enhanced logging and monitoring for path traversal attempts
🔍 How to Verify
Check if Vulnerable:
Check GitLab version against affected versions (below 13.9.6, 13.10.3, or 13.11.0)
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
Confirm GitLab version is 13.9.6, 13.10.3, 13.11.0 or higher
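The version check above has a branch-specific edge case: 13.10.0 is newer than 13.9.6 but is still vulnerable, because each maintained branch received its own fix release. The following added example (not from the advisory or from GitLab) encodes the fixed versions stated on this page and evaluates a version string such as the one printed by `gitlab-rake gitlab:env:info`. The layout of that output (a "GitLab information" block followed by a "Version:" line) is an assumption; the parser falls back to the first "Version:" line it finds.

```python
import re

# Fixed releases as stated in this advisory, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (13, 9): (13, 9, 6),
    (13, 10): (13, 10, 3),
    (13, 11): (13, 11, 0),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a string like 'Version:\t13.9.5-ee'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no x.y.z version found in: %r" % text)
    return tuple(int(x) for x in m.groups())


def parse_env_info(output):
    """Pick the GitLab application version out of gitlab:env:info output.

    Assumption: the output contains a 'GitLab information' header followed by a
    'Version:' line. Other components (GitLab Shell, Git) also print 'Version:'
    lines, so a plain grep for 'Version:' can return the wrong number.
    """
    lines = output.splitlines()
    start = 0
    for i, line in enumerate(lines):
        if line.strip() == "GitLab information":
            start = i
            break
    for line in lines[start:]:
        if line.strip().startswith("Version:"):
            return parse_version(line)
    raise ValueError("no Version: line found")


def is_vulnerable(version):
    """True if this version predates the fix for its branch.

    Branches older than 13.9 never received the fix; 13.12 and later shipped with it.
    """
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return version < FIXED_VERSIONS[branch]
    return version < (13, 9, 0)


if __name__ == "__main__":
    # Constructed sample output resembling gitlab:env:info (not a real capture).
    sample = "System information\nCurrent User:\tgit\n\nGitLab information\nVersion:\t13.10.2-ee\nRevision:\tabc1234\n\nGitLab Shell\nVersion:\t13.17.0\n"
    v = parse_env_info(sample)
    print("%d.%d.%d vulnerable to CVE-2021-22190: %s" % (v + (is_vulnerable(v),)))
```

Run it on the real output (`sudo gitlab-rake gitlab:env:info | python3 check.py` with a small wrapper that reads stdin) or paste the version string into `parse_version`; the point is that the comparison must be done per branch, not as a single "greater than 13.9.6" test.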
📡 Detection & Monitoring
Log Indicators:
- Unusual file path access patterns in GitLab logs
- Failed authentication attempts with JWT tokens
Network Indicators:
- HTTP requests with path traversal patterns to GitLab endpoints
SIEM Query:
source="gitlab.logs" AND (path="*../*" OR path="*..\\*")
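A literal match on `../` or `..\` misses percent-encoded and double-encoded traversal sequences, which is how such requests often arrive at a reverse proxy. The following added example (not part of the advisory) shows the same detection logic as the SIEM query applied offline to request logs, with bounded percent-decoding before the match. The JSON log lines are constructed for illustration and do not reproduce GitLab's actual log format; the `uri` field name is an assumption.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample access-log lines (JSON per line). Not real GitLab Workhorse logs.
SAMPLE_LOGS = [
    '{"method":"GET","uri":"/api/v4/projects/1/repository/files/README.md","status":200}',
    '{"method":"GET","uri":"/api/v4/projects/1/repository/files/..%2F..%2Fconfig","status":200}',
    '{"method":"GET","uri":"/uploads/-/system/user/avatar/../../secret","status":404}',
    '{"method":"POST","uri":"/api/v4/projects/1/uploads","status":201}',
    '{"method":"GET","uri":"/files/%252e%252e/%252e%252e/etc","status":200}',
    '{"method":"GET","uri":"/files/..hidden/notes.txt","status":200}',
    'not json at all',
]

# A ".." path segment bounded by a separator (or string edge) on both sides.
# "..hidden" is a legitimate name and must not match.
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")


def fully_decode(s, max_rounds=3):
    """Percent-decode until the string stops changing, bounded to avoid runaway loops.

    Catches single (%2e%2e) and double (%252e%252e) encoding that a literal
    '../' match would miss.
    """
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def has_traversal(uri):
    """True if the decoded URI contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(fully_decode(uri)))


def find_traversal_requests(lines):
    """Return the log records whose request path contains a traversal sequence."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than aborting the scan
        uri = rec.get("uri", "")
        if has_traversal(uri):
            hits.append({"uri": uri, "decoded": fully_decode(uri), "status": rec.get("status")})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOGS):
        print("traversal attempt: %(uri)s -> %(decoded)s (status %(status)s)" % hit)
```

Successful responses (status 200) to decoded traversal paths deserve the highest priority in triage; 404s still indicate probing. The decoding step is the part most SIEM string-match rules leave out.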
🔗 References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22190.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/300281
- https://hackerone.com/reports/1040786