CVE-2021-22234
📋 TL;DR
This vulnerability in GitLab allows attackers to read arbitrary files on the server by uploading a specially crafted design image. It affects all GitLab CE/EE instances running vulnerable versions, potentially exposing sensitive configuration files, source code, or credentials.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like SSH keys, database credentials, or configuration secrets leading to lateral movement and data exfiltration.
Likely Case
Unauthorized access to sensitive files containing API keys, tokens, or source code, potentially enabling further attacks.
If Mitigated
Limited impact with proper network segmentation and file access controls, though sensitive data exposure still possible.
🎯 Exploit Status
Requires authenticated user access to upload design images. Proof-of-concept exploits are publicly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 13.11.7, 13.12.8, 14.0.4 or later
Vendor Advisory: https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-0-4-released/
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab 13.11.7, 13.12.8, 14.0.4 or later using your package manager.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable design image uploads
Temporarily disable the ability to upload design images to prevent exploitation.
gitlab-rails console
ApplicationSetting.first.update(design_management_enabled: false)
🧯 If You Can't Patch
- Restrict design image upload permissions to trusted users only
- Implement network segmentation to isolate GitLab from sensitive systems
🔍 How to Verify
Check if Vulnerable:
Check GitLab version via admin panel or command: cat /opt/gitlab/version-manifest.txt
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab Version'
Verify Fix Applied:
Confirm version is 13.11.7+, 13.12.8+, or 14.0.4+ and test design image upload functionality.
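Deciding whether a reported version falls below the fixed releases is easy to get wrong by hand across three release branches, so here is an added helper (not part of the original advisory or of GitLab itself) that parses the output of the version checks above and applies the patch-level thresholds 13.11.7, 13.12.8 and 14.0.4. It assumes that branches older than 13.11 never received a fix and that any branch newer than 14.0 shipped after it.

```python
import re

# First patched patch-level per release branch, as named in the advisory.
FIXED_IN = {(13, 11): 7, (13, 12): 8, (14, 0): 4}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a bare version such as '14.0.3-ee'
    or from a full 'GitLab Version: 14.0.3-ee' line of gitlab:env:info."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(text):
    """True if the version is below the fixed release of its branch."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_IN:
        return patch < FIXED_IN[branch]
    # Assumption: branches before 13.11 are unpatched, branches after 14.0
    # were released with the fix already included.
    return branch < (14, 0)


if __name__ == "__main__":
    # Constructed sample line, shaped like `gitlab-rake gitlab:env:info` output.
    sample = "GitLab Version: 14.0.3-ee"
    status = "VULNERABLE" if is_vulnerable(sample) else "patched"
    print(f"{sample} -> {status}")
```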
📡 Detection & Monitoring
Log Indicators:
- Unusual design image uploads
- File read attempts in application logs
- Errors from file path traversal
Network Indicators:
- Suspicious file download patterns from GitLab instance
SIEM Query (source, event and message field names are illustrative; adapt them to your log schema):
source="gitlab" AND (event="design_upload" OR message="*path traversal*")
🔗 References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22234.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/335205
- https://hackerone.com/reports/1212067