Thursday, March 28, 2024

Unauthenticated RCE Flaw in Gitlab Exploited Widely by Hackers

Cybersecurity researchers from Rapid7 have warned recently that a critical remote code execution (RCE) vulnerability has been found in the currently patched GitLab web interface. And this vulnerability is actively exploited in cyberattacks, making many Internet-connected GitLab instances vulnerable to attack. 

While this vulnerability has been tracked as CVE-2021-22205, and it is an unauthenticated remote code execution (RCE) vulnerability.

After investigating it thoroughly, it has been claimed that this issue is related to improper validation of user-supplied images that are commencing arbitrary code execution remotely. 

  • CVE: CVE-2021-22205
  • Vendor Advisory: GitLab Advisory
  • IVM Content: Evaluating
  • Patching Urgency: ASAP
  • Last Update: November 1, 2021

Here we have mentioned all the patched versions below:-

  • 13.10.3
  • 13.9.6
  • 13.8.8

Exploit in the wild

When the threat actors first noted some glimpse of this attack that they have initially commenced exploiting internet-facing GitLab servers in June 2021, with the motive of creating new users and giving them all the admin rights.

Apart from this. in this exploit the threat actors don’t require to verify or use a CSRF token; not only this, but they also don’t require a valid HTTP endpoint to use the exploit.

Despite the availability of patches for more than six months, there is only 21% of the 60,000 internet-connected GitLab installations are fully patched for this particular issue.

However, the remaining 50% are still acknowledged to be vulnerable to RCE attacks. Therefore, the security experts have suggested each, and every user upgrades their GitLab to the most advanced version as soon as possible.

  • 21% of installs are fully patched against this issue.
  • 50% of installs are not patched against this issue.
  • 29% of installs may or may not be vulnerable.

Mitigation

However, Rapid7’s emergent threat response team has provided a full technical analysis of CVE-2021-22205. And they have strongly recommended all the GitLab users immediately update their vulnerable version to the latest version of GitLab.

Moreover, GitLab should not be used as a direct internet-facing service, in case if any users need to access their GitLab from the internet, they should consider placing it behind a VPN.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles