CVE-2021-39935: 
GitLab vulnerability analysis and mitigation

An issue was discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. The vulnerability allowed unauthorized external users to perform Server Side Request Forgery (SSRF) via the CI Lint API (GitLab Release, NVD).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue with a CVSS v3.1 base score of 7.5 (HIGH) according to NVD, while GitLab Inc. assessed it as 6.8 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N. The vulnerability specifically affects the CI Lint API functionality and is categorized under CWE-918 (Server-Side Request Forgery) (NVD).

The vulnerability could allow unauthorized external users to perform Server Side Requests through the CI Lint API, potentially leading to information disclosure and unauthorized access to internal resources. This is particularly concerning in scenarios where user registration is limited and external users shouldn't have access to certain API functionalities (GitLab Release).

The vulnerability has been patched in GitLab versions 14.3.6, 14.4.4, and 14.5.2. Organizations are strongly recommended to upgrade to one of these patched versions immediately. GitLab.com was already running the patched version at the time of disclosure (GitLab Release).

The vulnerability was initially reported through GitLab's HackerOne bug bounty program by researcher @minhli. The discovery highlighted important security considerations regarding external user access controls and API security in GitLab installations (GitLab Release).