GitLab is a free and open-source platform on which developers collaborate on code. Hackers have found a way to remotely execute OS commands on some versions of GitLab, which attackers can use to take over servers.
An improperly configured GitLab installation on a web server could allow attackers to execute commands remotely with the privileges of the GitLab user. This vulnerability was discovered by Alyssa Milburn of GitHub and reported to GitLab in May 2017, but it remains unpatched.
ExifTool is a command-line tool for extracting metadata from images. This GitLab vulnerability could allow attackers to remotely execute OS commands by abusing ExifTool.
By Alexandru Poloboc, News Editor. Alex spent most of his time working as a news reporter, anchor, and on TV and radio, with an overriding drive to always get to the bottom of things and find the truth.
It seems that no matter how far businesses are willing to go to secure their assets, attackers are always one step ahead of them, devising clever methods to circumvent every safeguard.
Keeping sensitive data safe in an ever-changing internet environment is becoming more challenging, and we're here to warn you about another vulnerability that is being actively exploited in the wild.
Another GitLab flaw has been discovered and exploited in the wild.
Two suspicious user accounts with admin access were discovered on a GitLab CE server, according to HN Security.
These two accounts appear to have been created between June and July 2021, and their usernames look random. This was possible because this version of GitLab CE permits user registration by default.
Furthermore, the email address entered at registration is not verified automatically, so the newly created user is signed in immediately without any further step.
To make matters worse, administrators receive no alert.
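The three conditions just described (self-registration on by default, no email verification, no alert to administrators) mean the only reliable way to catch what HN Security found is to audit the user table yourself. The script below is an added example written for this article, not code from HN Security or GitLab. It assumes the record layout an administrator gets from GitLab's Users API (`username`, `is_admin`, `created_at`, `confirmed_at`); the sample records are constructed, except for the username quoted later in the article, and the randomness heuristic (long consonant runs, almost no vowels) is this example's own, not a GitLab feature.

```python
"""Audit GitLab user records for admin accounts that match the pattern
HN Security described: created in a narrow window, never email-confirmed,
with random-looking usernames. Added example, not GitLab or HN Security code.
Record layout is assumed to mirror GET /api/v4/users as seen by an admin."""
from datetime import datetime, timezone

VOWELS = set("aeiou")

# Suspect window from the article: accounts created between June and July 2021.
WINDOW_START = datetime(2021, 6, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2021, 7, 31, 23, 59, 59, tzinfo=timezone.utc)

# Constructed sample data. Only "czxvcxbxcvbnvcxvbxv" comes from the article.
SAMPLE_USERS = [
    {"username": "root", "is_admin": True,
     "created_at": "2020-01-10T09:00:00.000Z", "confirmed_at": "2020-01-10T09:00:00.000Z"},
    {"username": "alice.dev", "is_admin": False,
     "created_at": "2021-03-02T11:15:00.000Z", "confirmed_at": "2021-03-02T11:20:00.000Z"},
    {"username": "czxvcxbxcvbnvcxvbxv", "is_admin": True,
     "created_at": "2021-06-21T03:42:17.000Z", "confirmed_at": None},
    {"username": "qwpoeirutyalskdjfhg", "is_admin": True,
     "created_at": "2021-07-03T22:05:44.000Z", "confirmed_at": None},
]


def parse_ts(ts):
    # GitLab emits timestamps like 2021-06-21T03:42:17.000Z; older Python
    # versions of fromisoformat reject the trailing Z, so normalise it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def longest_consonant_run(name):
    """Length of the longest run of consonant letters; digits and punctuation reset it."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def vowel_ratio(name):
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in VOWELS for c in letters) / len(letters)


def looks_random(name, max_run=6, min_vowel_ratio=0.15):
    """Heuristic (this example's own): human-chosen handles rarely have
    long consonant runs or almost no vowels."""
    return longest_consonant_run(name) >= max_run or vowel_ratio(name) < min_vowel_ratio


def suspicious_admins(users, window_start=WINDOW_START, window_end=WINDOW_END):
    """Return (username, reasons) for admin accounts showing at least two
    independent warning signs, so a single odd handle does not page anyone."""
    findings = []
    for u in users:
        if not u.get("is_admin"):
            continue
        reasons = []
        if window_start <= parse_ts(u["created_at"]) <= window_end:
            reasons.append("created inside the suspect window")
        if u.get("confirmed_at") is None:
            reasons.append("email never confirmed")
        if looks_random(u["username"]):
            reasons.append("random-looking username")
        if len(reasons) >= 2:
            findings.append((u["username"], reasons))
    return findings


def run_audit():
    return suspicious_admins(SAMPLE_USERS)


if __name__ == "__main__":
    for username, reasons in run_audit():
        print(f"{username}: {', '.join(reasons)}")
```

Against the sample data the audit flags the two unconfirmed, oddly named admins created in the window and leaves `root` alone. In a real deployment the records would come from the Users API with an admin token, and the same two-signal rule keeps a legitimately named admin created during the window from being flagged on its own.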
The specialists were intrigued by one of the uploaded files, so they set up their own GitLab server and tried to reproduce what they had seen in the wild.
A recently published exploit for CVE-2021-22205 abuses the upload feature to remotely execute arbitrary OS commands.
ExifTool, the open-source utility used to strip metadata from images, has a vulnerability in which it fails to safely parse certain metadata present in the uploaded image.
GitLab is made up of many components, including Redis and Nginx; gitlab-workhorse is the one that handles uploads, and it runs ExifTool on the file before handing the final attachment to Rails.
Digging a bit further into the logs revealed evidence of two unsuccessful uploads in the Workhorse logs.
The public exploit's payload can spawn a reverse shell; the payload used against our client, however, merely elevated two already registered users to admin. It was run through the Rails console, in plain, shell-wrapped and base64-wrapped forms:
user = User.find_by(username: "czxvcxbxcvbnvcxvbxv");user.admin="true";user.save!
echo 'user = User.find_by(username: "czxvcxbxcvbnvcxvbxv");user.admin="true";user.save!' | gitlab-rails console
/usr/bin/echo dXNlciA9IFVzZXIuZmluZF9ieSh1c2VybmFtZTogImN6eHZjeGJ4Y3ZibnZjeHZieHYiKTt1c2VyLmFkbWluPSJ0cnVlIjt1c2VyL | base64 -d | /usr/bin/gitlab-rails console
So, what looked like a privilege escalation issue turned out to be a remote code execution vulnerability.
According to the security experts, the whole exploitation procedure consists of just two requests.
On a default GitLab installation (up to version 13.10.2) there is no need to use the API to find a valid project, create an issue, or, most importantly, to be logged in at all.
At the time of writing, none of the issues highlighted in the article (ExifTool, API abuse, user registration, and so on) were present in the latest GitLab CE version.
However, we strongly suggest you exercise care when interacting with anything that requires you to be online, in order to avoid any unpleasant situations.
What are your thoughts on the situation? Please let us know what you think in the comments area below.
The so-called "gitlab 13.10 exploit" refers to a vulnerability that has existed for some time; attackers can use it to remotely execute OS commands.