More than 30,000 GitLab Servers Remain Unpatched

More than half of all GitLab installations are still vulnerable to a major unauthenticated remote code execution flaw that GitLab fixed in April 2021.

GitLab is a web-based DevOps lifecycle solution, developed by GitLab Inc. under an open-source license, that includes a Git repository manager, wiki, issue tracking, and a continuous integration and deployment pipeline.

GitLab was originally written in Ruby, with some components later rewritten in Go, as a source code management tool for team collaboration on software development. It then grew into an integrated software development life cycle solution, and later into a platform covering the entire DevOps life cycle.

What Happened?

The CVE-2021-22205 vulnerability, which has a CVSS v3 score of 10.0, allows an unauthenticated, remote attacker to execute arbitrary commands as the ‘git’ user (repository admin).

This flaw grants a remote attacker complete control over the repository, including the ability to delete, change, and steal source code.

In June 2021, attackers began targeting internet-facing GitLab servers to create new users and grant them administrative privileges.

The attackers used a working exploit published on GitHub on June 4, 2021, which abused the vulnerability in GitLab’s ExifTool component.

To utilize the vulnerability,

Read More: https://heimdalsecurity.com/blog/more-than-30000-gitlab-servers-remain-unpatched/