
Hackers widely exploited GitLab's unauthenticated RCE flaw



About the Exploit


Rapid7 cybersecurity experts recently reported on a major remote code execution (RCE) vulnerability in the GitLab web interface, for which a patch is already available. The vulnerability is being actively exploited in attacks, leaving many internet-connected GitLab instances susceptible.


The issue, tracked as CVE-2021-22205, is an unauthenticated remote code execution (RCE) vulnerability.


Following a comprehensive investigation, it has been determined that the issue stems from improper validation of user-supplied image files, which leads to remote arbitrary code execution.


  • CVE: CVE-2021-22205

  • Vendor Advisory: GitLab Advisory

  • IVM Content: Evaluating

  • Patching Urgency: ASAP

  • Last Update: November 1, 2021


The patched versions are:


  • 13.10.3

  • 13.9.6

  • 13.8.8


Threat actors began exploiting this vulnerability in June 2021, targeting internet-facing GitLab servers with the goal of creating new accounts and granting them full admin access.

In addition, attackers exploiting this vulnerability do not need to check or use a CSRF token, and they do not need a legitimate HTTP endpoint to use the exploit.


Although updates have been available for more than six months, only 21% of the 60,000 internet-connected GitLab installations are fully patched against this specific problem.


A further 50% are still considered vulnerable to RCE attacks. As a result, security experts recommend that every user upgrade GitLab to the most recent version as soon as possible.

  • 21% of installs are fully patched against this issue.

  • 50% of installs are not patched against this issue.

  • 29% of installs may or may not be vulnerable.


Mitigation


Rapid7's emergent threat response team has released a comprehensive technical analysis of CVE-2021-22205. They also strongly advise all GitLab users to upgrade vulnerable versions to the most recent version of GitLab without delay.


Furthermore, GitLab should not be exposed as a direct internet-facing service; users who need internet access to their GitLab should consider putting it behind a VPN.
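
To find which of your own instances still need the upgrade, the sketch below sorts an inventory of GitLab version strings against the patched versions listed above. It is an added example, not code from Rapid7 or GitLab; the host names and inventory are constructed, and it assumes release lines newer than 13.10 already contain the fix. The article does not give the oldest affected version, so every older release is reported simply as unpatched.

```python
import re
from collections import Counter

# Fixed releases listed in the article, keyed by (major, minor) release line.
FIXED = {(13, 10): 3, (13, 9): 6, (13, 8): 8}
NEWEST_FIXED_LINE = max(FIXED)

# Accepts "13.10.3", "v13.10.3" and edition suffixes such as "13.10.3-ee".
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return 'patched', 'unpatched' or 'unknown' for one version string."""
    m = _VERSION.match(version or "")
    if not m:
        return "unknown"  # no usable version: cannot decide either way
    major, minor, patch = map(int, m.groups())
    line = (major, minor)
    if line in FIXED:
        return "patched" if patch >= FIXED[line] else "unpatched"
    if line > NEWEST_FIXED_LINE:
        return "patched"  # assumption: later release lines include the fix
    # Older release line with no fixed release in the article's list.
    return "unpatched"


def summarize(inventory):
    """Count instances per state for a {host: version} mapping."""
    return Counter(classify(v) for v in inventory.values())


# Constructed inventory; host names and versions are illustrative only.
INVENTORY = {
    "git-a.example.internal": "13.10.3-ee",
    "git-b.example.internal": "13.10.2",
    "git-c.example.internal": "13.9.6",
    "git-d.example.internal": "13.8.7-ee",
    "git-e.example.internal": "14.4.1",
    "git-f.example.internal": "12.10.14",
    "git-g.example.internal": "",  # version could not be collected
}

if __name__ == "__main__":
    for host, ver in sorted(INVENTORY.items()):
        print(f"{host:26} {ver or '-':12} {classify(ver)}")
    print(dict(summarize(INVENTORY)))
```

Instances reported as unknown need a manual check rather than being assumed safe.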
