CVE-2021-22195 – This vulnerability in GitLab's Visual Studio Co... (How to Fix)

Q: What is the severity of CVE-2021-22195?

CVE-2021-22195 has a CVSS score of 8.6 (HIGH). This vulnerability in GitLab's Visual Studio Code extension allows attackers to execute arbitrary code on users' systems through client-side exploitation. It affects users of GitLab's VS Code extension version 3.15.0 and earlier. Attackers can exploit this by tricking users into interacting with malicious content.

📋 TL;DR

This vulnerability in GitLab's Visual Studio Code extension allows attackers to execute arbitrary code on users' systems through client-side exploitation. It affects users of GitLab's VS Code extension version 3.15.0 and earlier. Attackers can exploit this by tricking users into interacting with malicious content.

💻 Affected Systems

Products:

GitLab Visual Studio Code Extension

Versions: 3.15.0 and earlier

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Gitlab Vscode Extension by Gitlab

View all CVEs affecting Gitlab Vscode Extension →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the user's machine, potentially leading to data theft, ransomware deployment, or lateral movement within networks.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to user files, credentials, and system resources.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction but is straightforward once the malicious payload is delivered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.16.0 and later

Vendor Advisory: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22195.json

Restart Required: Yes

Instructions:

1. Open Visual Studio Code. 2. Go to Extensions view. 3. Find GitLab extension. 4. Click Update button. 5. Restart VS Code after update completes.

🔧 Temporary Workarounds

Disable GitLab Extension

all

Temporarily disable the vulnerable extension until patching is possible.

code --disable-extension GitLab.gitlab-workflow

Remove GitLab Extension

all

Completely remove the vulnerable extension.

code --uninstall-extension GitLab.gitlab-workflow

🧯 If You Can't Patch

Run VS Code with minimal privileges and in sandboxed environments
Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check extension version in VS Code Extensions view or run: code --list-extensions --show-versions | grep gitlab

Check Version:

code --list-extensions --show-versions | grep gitlab

Verify Fix Applied:

Verify extension version is 3.16.0 or higher using same command

📡 Detection & Monitoring

Log Indicators:

Unusual process execution from VS Code context
Suspicious network connections from VS Code

Network Indicators:

Unexpected outbound connections from developer workstations

SIEM Query:

process_name:code.exe AND (parent_process:explorer.exe OR cmdline:*gitlab*)

📊 Metadata

CVE ID: CVE-2021-22195

CVSS v3 Score: 8.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-427

Published: April 1, 2021

Last Updated: November 21, 2024

🔗 References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22195.json Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/issues/325 Broken Link
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22195.json Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/issues/325 Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22195, you might also want to check these: