nuclei-templates icon indicating copy to clipboard operation
nuclei-templates copied to clipboard

Published 20 hours ago verified publisher icon projectdiscovery

CVE-2021-22205.yaml is not correct

Open nibiwodong opened this issue 2 years ago • 1 comments

Nuclei Version:

Template file:

https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-22205.yaml

This PoC detect application-xxx.cssfile,to indentify gitlab version. This may not a right way. https://github.com/0xa-saline/gitlab-version/blob/main/README.MD Like gitlab ce 13.10.1/13.10.2/13.10.3/13.10.4/13.10.5 viersion, the css file is the same "application-02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b.css"

Command to reproduce:

Anything else:

nibiwodong avatar Aug 22 '22 11:08 nibiwodong

Hi @nibiwodong, The response time to this issue was much longer than usual. Thank you for taking the time to create this issue and for contributing to this project 🍻

The Gitlab Red Team has created this template, stating that there is a remote command execution vulnerability in GitLab CE/EE versions starting from 11.9 due to improper validation of image files passed to a file parser. Can you please confirm whether versions 13.10.1/13.10.2/13.10.3/13.10.4/13.10.5, which are matched by the template, are not vulnerable?

princechaddha avatar Apr 21 '23 10:04 princechaddha