Thursday, December 5, 2024
HomeCVE/vulnerabilityUnauthenticated RCE Flaw in Gitlab Exploited Widely by Hackers

Unauthenticated RCE Flaw in Gitlab Exploited Widely by Hackers

Published on

SIEM as a Service

Cybersecurity researchers from Rapid7 have warned recently that a critical remote code execution (RCE) vulnerability has been found in the currently patched GitLab web interface. And this vulnerability is actively exploited in cyberattacks, making many Internet-connected GitLab instances vulnerable to attack. 

While this vulnerability has been tracked as CVE-2021-22205, and it is an unauthenticated remote code execution (RCE) vulnerability.

After investigating it thoroughly, it has been claimed that this issue is related to improper validation of user-supplied images that are commencing arbitrary code execution remotely. 

- Advertisement - SIEM as a Service
  • CVE: CVE-2021-22205
  • Vendor Advisory: GitLab Advisory
  • IVM Content: Evaluating
  • Patching Urgency: ASAP
  • Last Update: November 1, 2021

Here we have mentioned all the patched versions below:-

  • 13.10.3
  • 13.9.6
  • 13.8.8

Exploit in the wild

When the threat actors first noted some glimpse of this attack that they have initially commenced exploiting internet-facing GitLab servers in June 2021, with the motive of creating new users and giving them all the admin rights.

Apart from this. in this exploit the threat actors don’t require to verify or use a CSRF token; not only this, but they also don’t require a valid HTTP endpoint to use the exploit.

Despite the availability of patches for more than six months, there is only 21% of the 60,000 internet-connected GitLab installations are fully patched for this particular issue.

However, the remaining 50% are still acknowledged to be vulnerable to RCE attacks. Therefore, the security experts have suggested each, and every user upgrades their GitLab to the most advanced version as soon as possible.

  • 21% of installs are fully patched against this issue.
  • 50% of installs are not patched against this issue.
  • 29% of installs may or may not be vulnerable.

Mitigation

However, Rapid7’s emergent threat response team has provided a full technical analysis of CVE-2021-22205. And they have strongly recommended all the GitLab users immediately update their vulnerable version to the latest version of GitLab.

Moreover, GitLab should not be used as a direct internet-facing service, in case if any users need to access their GitLab from the internet, they should consider placing it behind a VPN.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges

A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK...