CVE-2021-22242

8.7 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into GitLab via Mermaid markdown diagrams, which execute when other users view the content. It affects GitLab Community Edition and Enterprise Edition versions 11.4 and above. Attackers can steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 11.4 and above
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments where Mermaid markdown is enabled (default).

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, take over GitLab instances, access source code, and pivot to internal systems.

🟠 Likely Case

Attackers steal user session cookies to impersonate victims, potentially accessing private repositories and pipelines.

🟢 If Mitigated

With proper input validation and output encoding, the XSS payloads would be neutralized before execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user access to create/edit markdown content with Mermaid diagrams.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 13.10.4, 13.9.7, 13.8.9

Vendor Advisory: https://about.gitlab.com/releases/2021/07/07/security-release-gitlab-13-10-4-released/

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to a patched version using your package manager (apt/yum).
3. Run 'gitlab-ctl reconfigure'.
4. Restart GitLab services.

🔧 Temporary Workarounds

Disable Mermaid markdown

linux

Temporarily disable Mermaid diagram rendering in GitLab settings

gitlab-rails runner "ApplicationSetting.current.update!(mermaid_enabled: false)"

🧯 If You Can't Patch

  • Restrict markdown editing permissions to trusted users only
  • Implement WAF rules to block suspicious Mermaid content patterns

🔍 How to Verify

Check if Vulnerable:

Check GitLab version with: grep gitlab /opt/gitlab/version-manifest.txt

Check Version:

sudo gitlab-rake gitlab:env:info | grep Version

Verify Fix Applied:

Verify the installed version is 13.8.9, 13.9.7 or 13.10.4, or a later release of the same branch.
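The following is an added helper, not part of this advisory, that encodes the affected range above (11.4 and later, fixed in 13.8.9, 13.9.7 and 13.10.4) so a version string pulled from the manifest or from gitlab:env:info can be classified per branch; it assumes branches newer than 13.10 ship with the fix, which this page does not state, and the sample manifest line is constructed.

```python
import re

# Patched releases named in this advisory, keyed by (major, minor) branch.
FIXED_IN = {
    (13, 8): (13, 8, 9),
    (13, 9): (13, 9, 7),
    (13, 10): (13, 10, 4),
}
FIRST_AFFECTED = (11, 4, 0)
# Assumption (not stated on the page): every branch from 13.11 on includes the fix.
FIRST_FIXED_BRANCH = (13, 11)


def parse_version(text: str) -> tuple:
    """Return (major, minor, patch) from a string such as '13.9.3-ee' or a
    manifest / env:info line containing it. Edition suffixes are ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version) -> bool:
    """True when the given GitLab version falls inside the affected range
    for CVE-2021-22242 and below the fixed release of its branch."""
    if isinstance(version, str):
        version = parse_version(version)
    if version < FIRST_AFFECTED:
        return False
    branch = version[:2]
    if branch in FIXED_IN:
        return version < FIXED_IN[branch]
    # Older affected branches (11.4 .. 13.7) never received this fix;
    # newer branches are assumed fixed (see FIRST_FIXED_BRANCH).
    return branch < FIRST_FIXED_BRANCH


if __name__ == "__main__":
    # Constructed sample line in the style of version-manifest.txt output.
    sample = "gitlab-ee 13.9.3-ee"
    state = "VULNERABLE" if is_vulnerable(sample) else "patched"
    print(f"{parse_version(sample)} -> {state}")
```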

📡 Detection & Monitoring

Log Indicators:

  • Unusual markdown content with script tags in Mermaid diagrams
  • Multiple failed XSS attempts in application logs

Network Indicators:

  • Unexpected external connections from GitLab server to attacker domains

SIEM Query:

source="gitlab" AND ("mermaid" OR "diagram") AND ("script" OR "javascript:" OR "onerror")
