Friday, May 9, 2025
HomeCVE/vulnerabilityUnauthenticated RCE Flaw in Gitlab Exploited Widely by Hackers

Unauthenticated RCE Flaw in Gitlab Exploited Widely by Hackers

Published on

SIEM as a Service

Follow Us on Google News

Cybersecurity researchers from Rapid7 have warned recently that a critical remote code execution (RCE) vulnerability has been found in the currently patched GitLab web interface. And this vulnerability is actively exploited in cyberattacks, making many Internet-connected GitLab instances vulnerable to attack. 

While this vulnerability has been tracked as CVE-2021-22205, and it is an unauthenticated remote code execution (RCE) vulnerability.

After investigating it thoroughly, it has been claimed that this issue is related to improper validation of user-supplied images that are commencing arbitrary code execution remotely. 

- Advertisement - Google News
  • CVE: CVE-2021-22205
  • Vendor Advisory: GitLab Advisory
  • IVM Content: Evaluating
  • Patching Urgency: ASAP
  • Last Update: November 1, 2021

Here we have mentioned all the patched versions below:-

  • 13.10.3
  • 13.9.6
  • 13.8.8

Exploit in the wild

When the threat actors first noted some glimpse of this attack that they have initially commenced exploiting internet-facing GitLab servers in June 2021, with the motive of creating new users and giving them all the admin rights.

Apart from this. in this exploit the threat actors don’t require to verify or use a CSRF token; not only this, but they also don’t require a valid HTTP endpoint to use the exploit.

Despite the availability of patches for more than six months, there is only 21% of the 60,000 internet-connected GitLab installations are fully patched for this particular issue.

However, the remaining 50% are still acknowledged to be vulnerable to RCE attacks. Therefore, the security experts have suggested each, and every user upgrades their GitLab to the most advanced version as soon as possible.

  • 21% of installs are fully patched against this issue.
  • 50% of installs are not patched against this issue.
  • 29% of installs may or may not be vulnerable.

Mitigation

However, Rapid7’s emergent threat response team has provided a full technical analysis of CVE-2021-22205. And they have strongly recommended all the GitLab users immediately update their vulnerable version to the latest version of GitLab.

Moreover, GitLab should not be used as a direct internet-facing service, in case if any users need to access their GitLab from the internet, they should consider placing it behind a VPN.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fedora Linux Joins the Windows Subsystem for Linux Officially

Fedora Project has announced the official availability of Fedora Linux on the Windows Subsystem...

Microsoft Launches “Copilot+ PC” for an Upgraded Windows Experience

Microsoft has announced a significant wave of new Windows experiences designed for Copilot+ PCs,...

Nomad Bridge Hacker Apprehended in Connection with $190 Million Heist

Alexander Gurevich, a 47-year-old dual Russian-Israeli citizen, was arrested last Thursday at Ben-Gurion Airport...

160-Year-Old Haulage Firm Falls After Cyber-Attack: Director Issues Urgent Warning

The 160-year-old haulage giant Knights of Old, once a stalwart of the UK’s logistics...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges

Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple...

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in...

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers...