Tens of thousands of unpatched GitLab servers under attack via CVE-2021-22205 (Security News, November 2021)
Attackers are actively exploiting an "Old" vulnerability to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns.
The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue.
Patched by GitLab in April 2021, the vulnerability stems from the web interface's improper validation of image files that it passes to the service's embedded copy of ExifTool, and it allows attackers to achieve remote code execution without first authenticating to the server.
CVE-2021-22205 affects all versions of both GitLab Enterprise Edition and GitLab Community Edition from 11.9 onward, so any unpatched instance on 11.9 or a later release is exposed.
Those who have failed to upgrade their GitLab instances are advised to do so immediately.
"If you need to access your GitLab from the internet, consider placing it behind a VPN," Baines advised.
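As an added example (not code from the article, Rapid7 or GitLab), a small Python triage helper for a fleet inventory: it applies the article's affected floor of 11.9 and compares each instance against the fixed releases an operator takes from GitLab's advisory, honouring the fact that such fixes are backported to several release branches. The fixed-release values used in the sample are constructed placeholders, not the real patched versions.

```python
"""Triage GitLab instances for CVE-2021-22205 exposure by version string.

Added example. The fixed releases must be supplied by the operator from
GitLab's advisory; the values in the sample below are constructed placeholders.
"""
from typing import Dict, Iterable, Tuple

Version = Tuple[int, int, int]
AFFECTED_FROM: Version = (11, 9, 0)  # article: all versions starting from 11.9


def parse_version(text: str) -> Version:
    """Turn 'MAJOR.MINOR[.PATCH][-suffix]' into a comparable tuple.

    GitLab reports versions such as '13.10.2-ee'; the edition suffix is
    dropped because the article says CE and EE are both affected.
    """
    core = text.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    if len(parts) != 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts[0], parts[1], parts[2]


def is_exposed(version: str, fixed_releases: Iterable[str]) -> bool:
    """True if the instance is in the affected range and below its branch fix.

    A backported fix exists per release branch, so compare against the fix on
    the same major.minor branch; an older branch with no backport is exposed,
    a branch newer than every fixed release already contains the fix.
    """
    v = parse_version(version)
    if v < AFFECTED_FROM:
        return False
    fixes = [parse_version(f) for f in fixed_releases]
    if not fixes:
        return True  # no known fixed release: treat as exposed
    same_branch = [f for f in fixes if f[:2] == v[:2]]
    if same_branch:
        return v < min(same_branch)
    return v[:2] < max(f[:2] for f in fixes)


def triage(inventory: Dict[str, str], fixed_releases: Iterable[str]) -> Dict[str, str]:
    """Map host -> 'EXPOSED' or 'ok' for an inventory of host: version pairs."""
    fixed = list(fixed_releases)
    return {h: ("EXPOSED" if is_exposed(v, fixed) else "ok") for h, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory and placeholder fixed releases (not real).
    fixed = ["13.8.99", "13.9.99", "13.10.99"]
    print(triage({"git-a": "13.10.1-ee", "git-b": "11.8.3", "git-c": "14.0.0"}, fixed))
```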
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/jd56c1X64gU/
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-23 | CVE-2021-22205 | Code Injection vulnerability in GitLab: an issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. | 10.0 |