A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface is being actively exploited in the wild, cybersecurity researchers warn, leaving a large number of internet-exposed GitLab instances vulnerable.
Hackers exploit unauthenticated RCE vulnerability on GitLab
The vulnerability, tracked as CVE-2021-22205, stems from improper validation of user-supplied images, which allows arbitrary code execution. It affects all versions starting from 11.9 and was addressed by GitLab on April 14, 2021 in version 13.8.
In one of the real-world attacks detailed last month by HN Security, two user accounts with administrative privileges were registered on a publicly accessible GitLab server belonging to a client whose name was withheld. The attackers exploited the aforementioned vulnerability to upload a malicious payload that resulted in remote command execution, including obtaining elevated permissions.
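The indicator described above, newly created administrator accounts on a server that should have none, is something a defender can check for directly. The following is an added example, not code from the article or from HN Security; it assumes the JSON shape returned by GitLab's Users API (GET /api/v4/users), where each user object carries "username", "is_admin" and "created_at", and the sample user records are constructed for the example.

```python
"""Flag GitLab administrator accounts created within a recent time window.

Added example, not part of the original article. Assumes the JSON shape of
GitLab's Users API (GET /api/v4/users): each object carries "username",
"is_admin" and an ISO 8601 "created_at". The sample records are constructed.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: what an admin-level call to /api/v4/users might return.
# Two admin accounts appear within minutes of each other at an odd hour.
SAMPLE_USERS_JSON = json.dumps([
    {"id": 1, "username": "root", "is_admin": True,
     "created_at": "2020-03-02T09:15:00.000Z"},
    {"id": 57, "username": "dev-alice", "is_admin": False,
     "created_at": "2021-10-25T11:02:13.000Z"},
    {"id": 58, "username": "svc_backup2", "is_admin": True,
     "created_at": "2021-10-26T02:41:07.000Z"},
    {"id": 59, "username": "gitlab-adm", "is_admin": True,
     "created_at": "2021-10-26T02:43:51.000Z"},
])

# Fixed reference time and window so the example is reproducible offline.
REFERENCE_NOW = datetime(2021, 10, 27, tzinfo=timezone.utc)
ONE_WEEK = timedelta(days=7)
ONE_DAY = timedelta(days=1)

# Allow-list of administrators the operator knows about (constructed).
KNOWN_ADMINS = frozenset({"root"})


def parse_gitlab_timestamp(value: str) -> datetime:
    """GitLab emits ISO 8601 with a trailing 'Z'; return a tz-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def recent_admins(users_json: str, now: datetime, window: timedelta,
                  known_admins: frozenset = frozenset()) -> list:
    """Return usernames of admin accounts created inside `window` before `now`
    and not present in the allow-list of known administrators."""
    cutoff = now - window
    flagged = []
    for user in json.loads(users_json):
        if not user.get("is_admin"):
            continue                      # ordinary users are not of interest
        if user["username"] in known_admins:
            continue                      # expected administrator
        if parse_gitlab_timestamp(user["created_at"]) >= cutoff:
            flagged.append(user["username"])
    return flagged


def demo() -> list:
    """Run the check over the constructed sample with a one-week window."""
    return recent_admins(SAMPLE_USERS_JSON, REFERENCE_NOW, ONE_WEEK, KNOWN_ADMINS)


if __name__ == "__main__":
    for name in demo():
        print(f"ALERT: unexpected administrator account created recently: {name}")
```

In practice the JSON would come from an authenticated call to the instance's Users API and the allow-list from the organisation's own records; any admin account outside that list, especially one created around the time of suspicious uploads, warrants an immediate look at the server.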
Although the vulnerability was initially treated as a case of authenticated RCE and assigned a CVSS score of 9.9, the severity rating was revised to 10.0 on September 21, 2021 due to the fact that it can also be triggered by unauthenticated threat actors.
“Despite the small change in CVSS score, a change from authenticated to unauthenticated has big implications for those defending network security,” said cybersecurity firm Rapid7 in an alert published Monday.
Although patches have been publicly available for more than six months, of the 60,000 GitLab installations on the internet only 21% are said to have been fully patched against the vulnerability, while another 50% are still vulnerable to RCE attacks.
Because the vulnerability can be exploited without authentication, attacks are expected to increase, and GitLab users are urged to update to the latest version as soon as possible. Ideally, the researchers added, GitLab should not be exposed to the internet at all: “If you need to access your GitLab from the Internet, consider putting it behind a VPN.”
You can view additional technical analysis regarding this vulnerability here.
In addition, WinRAR is also affected by a very serious RCE vulnerability; you can read more here.