30,000 GitLab Servers Remain Unpatched Against Critical Bug


A critical unauthenticated remote code execution bug in GitLab remains exploitable: more than 50% of deployments are still unpatched, although a fix was released on April 14, 2021.

The vulnerability, tracked as CVE-2021-22205 with a CVSS v3 score of 10.0, allows an unauthenticated remote attacker to execute arbitrary commands as the “git” user. That gives the attacker full access to the repository, including the ability to delete, modify, and steal source code.

Attackers first exploited internet-facing GitLab servers in June 2021 to create new users and grant them admin privileges, and later made use of a working exploit released on GitHub on June 4, 2021, that abuses the vulnerable ExifTool component.

Exploitation requires neither authentication nor a CSRF token, nor even a valid HTTP endpoint.

Because exploitation continues to this day, researchers at Rapid7 set out to gauge the extent of the problem by counting the systems that remain unpatched.

In its report, Rapid7 found that at least 50% of the 60,000 internet-facing GitLab installations it identified were not patched against the critical RCE vulnerability, six months after the fix had been released.

A further 29% may or may not be vulnerable: the analysts could not extract a version string from those servers.

Administrators need to upgrade to one of the following versions to fix the bug:

  • 13.10.3
  • 13.9.6
  • 13.8.8

To confirm that a GitLab instance is protected, administrators should check how it responds to POST requests that attempt to trigger ExifTool's incorrect handling of image files. Patched versions still let such a request reach ExifTool, but the response should be a rejection with an HTTP 404 error.
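A fleet triage helper in the spirit of the Rapid7 census, as an added example that is not part of the article or of GitLab's or Rapid7's tooling: it compares each instance's reported version against the three fix releases listed above and puts hosts whose version cannot be read into the same "unknown" bucket Rapid7 described. Hostnames and version strings are constructed, and the rules that branches newer than 13.10 carry the fix while branches older than 13.8 never received it are assumptions.

```python
"""Triage GitLab version strings against the CVE-2021-22205 fix releases.
Added example (not from the article, GitLab or Rapid7); sample data is constructed."""
import re
from typing import Optional, Tuple

# Minimum patched release on each affected branch, as listed in the article.
FIXED_RELEASES = {(13, 8): (13, 8, 8), (13, 9): (13, 9, 6), (13, 10): (13, 10, 3)}
OLDEST_FIXED_BRANCH = (13, 8)  # assumption: no earlier branch received the fix
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")  # tolerates "-ee"/"-ce" suffixes


def parse_version(raw: Optional[str]) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch), or None when no version can be read
    (the 'unknown' bucket Rapid7 reported for 29% of hosts)."""
    if not raw:
        return None
    m = _VERSION_RE.match(raw.strip())
    return (int(m[1]), int(m[2]), int(m[3])) if m else None


def assess(raw: Optional[str]) -> str:
    """Classify one instance as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(raw)
    if v is None:
        return "unknown"
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return "patched" if v >= FIXED_RELEASES[branch] else "vulnerable"
    # Assumption: branches newer than 13.10 ship with the fix; older ones never got it.
    return "patched" if branch > OLDEST_FIXED_BRANCH else "vulnerable"


def triage(inventory: dict) -> dict:
    """Bucket a {host: version_string} inventory by patch status."""
    buckets = {"patched": [], "vulnerable": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        buckets[assess(raw)].append(host)
    return buckets


# Constructed sample inventory standing in for a scan result; hostnames are fictitious.
SAMPLE_INVENTORY = {
    "gitlab-a.example.test": "13.10.3-ee",  # exactly the fix release: patched
    "gitlab-b.example.test": "13.9.5-ce",   # one behind 13.9.6: vulnerable
    "gitlab-c.example.test": "13.8.8",      # patched
    "gitlab-d.example.test": "13.7.9",      # branch older than any fix release
    "gitlab-e.example.test": "14.0.1-ee",   # later branch, fix included
    "gitlab-f.example.test": None,          # version string not extractable
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Feed it the version strings your own scanner or asset inventory already collects; hosts landing in "unknown" need the response check described above rather than a version comparison.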

For more information, read the original story in BleepingComputer.
