Over 30,000 GitLab servers still unpatched against critical bug (Security News, November 2021)
A critical unauthenticated remote code execution flaw in GitLab, fixed on April 14, 2021, is still being exploited: more than half of internet-facing deployments have not applied the patch.
Hackers first started exploiting internet-facing GitLab servers in June 2021 to create new users and give them admin rights.
According to a report published by Rapid7, at least 50% of the 60,000 internet-facing GitLab installations they found are not patched against the critical RCE flaw fixed six months ago.
Every release from 11.9 up to, but not including, the fixed releases of April 14, 2021 is vulnerable, in both GitLab Enterprise Edition and GitLab Community Edition.
For details on how to update GitLab, see GitLab's dedicated update portal.
To ensure that your GitLab instance isn't vulnerable to exploitation, you can check its response to POST requests that attempt to exploit ExifTool's mishandling of image files.
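The quickest defensive check is not to send the malicious upload but to read the instance's version and decide whether it falls inside the vulnerable range the article describes (11.9 and later, but older than the fixed release of its branch). The script below is an added example, not code from the article or from GitLab; it parses the version string GitLab's `/api/v4/version` endpoint returns (for example `13.10.3-ee`) and applies branch-aware "is this older than the backported fix" logic. The article does not list the patched version numbers, so `FIXED_RELEASES` holds placeholder values that you must replace with the releases named in GitLab's advisory, and `GITLAB_URL` and `GITLAB_TOKEN` are assumed environment variables.

```python
"""Added example: classify a GitLab version as patched or vulnerable.

The fixed-release numbers are NOT given in the article; FIXED_RELEASES
below is a placeholder and must be replaced with the patched releases
from GitLab's own advisory before this check is meaningful.
"""
import json
import os
import re
import urllib.request

# PLACEHOLDER values (assumption, not from the article): one patched
# release per backported branch, e.g. ("13.x.y", "13.x.y", "13.x.y").
FIXED_RELEASES = ("13.8.0", "13.9.0", "13.10.0")

# Oldest affected release according to the article.
FIRST_AFFECTED = (11, 9, 0)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Turn '13.10.3-ee' or '13.9' into a comparable (major, minor, patch) tuple.

    Edition suffixes (-ee, -ce) and pre-release tags are ignored; they do not
    change which code line the instance is running.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError("unrecognised GitLab version string: %r" % text)
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version, fixed_releases=FIXED_RELEASES):
    """Return True if `version` is in the affected range.

    Rules implemented:
      * anything older than FIRST_AFFECTED is outside the affected range;
      * if the instance's major.minor branch received a backported fix, it is
        vulnerable only when older than that branch's fixed release;
      * if its branch received no backport, it is vulnerable when older than
        the newest fixed release (no fix exists for that code line).
    """
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    fixed = sorted(parse_version(f) for f in fixed_releases)
    for f in fixed:
        if f[:2] == v[:2]:
            return v < f
    return v < fixed[-1]


def fetch_version(base_url, token):
    """Read the running version from GitLab's /api/v4/version endpoint.

    The endpoint requires an authenticated user, supplied here via the
    PRIVATE-TOKEN header; network access is only needed for this call.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Assumed environment variables; both are placeholders for your own values.
    url = os.environ.get("GITLAB_URL", "https://gitlab.example.internal")
    token = os.environ.get("GITLAB_TOKEN", "")
    running = fetch_version(url, token)
    state = "VULNERABLE" if is_vulnerable(running) else "patched"
    print("%s runs GitLab %s: %s" % (url, running, state))
```

Run it with `GITLAB_URL` and a read-scoped personal access token in `GITLAB_TOKEN`; because `is_vulnerable` is a pure function it can also be fed version strings harvested from an inventory file without touching any server.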
Related news
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
- VMware fixes bad patch for critical vCenter Server RCE flaw
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
- Critical RCE bug in VMware vCenter Server now exploited in attacks
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers