Urgent Security Breach in GitLab: Immediate Action Required
TLP: CLEAR
ALERT BULLETIN:
DATE: 01/17/2024
Briefing:
A critical security flaw (CVE-2023-7028) has been identified in both GitLab Community Edition (CE) and Enterprise Edition (EE). In response, GitLab has released emergency security updates in versions 16.7.2, 16.6.4, and 16.5.6.
CVE-2023-7028 (CVSS 10.0) is a critical vulnerability that allows unauthorized account access through manipulation of the password reset flow: an attacker can cause password reset emails to be delivered to an unverified email address and take over the account. The following GitLab versions are affected:
- 16.1 to 16.7.1
Fixed in the following versions:
- 16.1.6
- 16.2.9
- 16.3.7
- 16.4.5
- 16.5.6
- 16.6.4
- 16.7.2
A second critical vulnerability (CVE-2023-5356, CVSS 9.6) allows the Slack/Mattermost integrations to be misused to execute slash commands without authorization. It affects versions 8.13 to 16.7.1 and is fixed in versions 16.5.6, 16.6.4, and 16.7.2.
Active exploitation of CVE-2023-7028 has been observed. GitLab.com has already been updated to the fixed version. Accounts with two-factor authentication (2FA) enabled are protected against account takeover through this vulnerability; users without 2FA should enable it promptly.
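Worked example (added here; it is not part of the iFlock bulletin and not GitLab's own tooling): a small Python check that maps a self-managed instance's version string onto the affected and fixed ranges listed above and names the release to upgrade to. The ranges are transcribed from this bulletin; the function and data names (`assess`, `ADVISORIES`) are this example's own, and the sample version strings are constructed.

```python
"""Added example, not part of the iFlock bulletin or GitLab's own tooling.

Classifies a self-managed GitLab version against the affected and fixed version
ranges stated in the bulletin for CVE-2023-7028 and CVE-2023-5356 and names the
release to upgrade to. Version ranges are transcribed from the bulletin; the
function and data names are this example's own.
"""
from __future__ import annotations

Version = tuple[int, int, int]

# Ranges as given in the bulletin (inclusive). "16.1" is read as 16.1.0.
ADVISORIES: dict[str, dict] = {
    "CVE-2023-7028": {
        "affected": ((16, 1, 0), (16, 7, 1)),
        "fixed": [(16, 1, 6), (16, 2, 9), (16, 3, 7), (16, 4, 5),
                  (16, 5, 6), (16, 6, 4), (16, 7, 2)],
    },
    "CVE-2023-5356": {
        "affected": ((8, 13, 0), (16, 7, 1)),
        "fixed": [(16, 5, 6), (16, 6, 4), (16, 7, 2)],
    },
}


def parse_version(text: str) -> Version:
    """Parse strings such as '16.4.3', '16.4.3-ee' or 'v16.7' into a 3-tuple."""
    core = text.strip().lstrip("v").split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess_cve(version: Version, cve: str) -> dict:
    """Return whether `version` is affected by `cve` and the upgrade target."""
    adv = ADVISORIES[cve]
    low, high = adv["affected"]
    in_range = low <= version <= high
    # A version inside the range is still patched if it is at or above the
    # backported fix for its own minor series (e.g. 16.1.6 for CVE-2023-7028).
    patched_same_minor = any(
        f[:2] == version[:2] and version >= f for f in adv["fixed"]
    )
    affected = in_range and not patched_same_minor
    upgrade_to = None
    if affected:
        # Smallest fixed release above the running one: the same-minor backport
        # when there is one, otherwise the next fixed series.
        upgrade_to = fmt(min(f for f in adv["fixed"] if f > version))
    return {"affected": affected, "upgrade_to": upgrade_to}


def assess(version_text: str, two_factor_enforced: bool = False) -> dict:
    """Assess one instance against both CVEs in the bulletin."""
    version = parse_version(version_text)
    result = {cve: assess_cve(version, cve) for cve in ADVISORIES}
    # Per the bulletin, 2FA protects accounts from takeover via CVE-2023-7028;
    # it does not replace the upgrade, so the affected flag stays as computed.
    result["CVE-2023-7028"]["takeover_mitigated_by_2fa"] = (
        result["CVE-2023-7028"]["affected"] and two_factor_enforced
    )
    return result


if __name__ == "__main__":
    # Constructed sample inputs, not real instance data.
    for sample in ("16.4.3", "16.1.6-ee", "16.7.2", "15.11.0"):
        print(sample, assess(sample))
```

Note the asymmetry the check makes visible: a 16.1.x instance taken to the 16.1.6 backport is patched for CVE-2023-7028 but, according to the version lists in this bulletin, still within the affected range for CVE-2023-5356, whose fixes start at 16.5.6.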
iFlock Security Consulting's Advisory:
For CVE-2023-7028 and CVE-2023-5356, GitLab's FAQ explains the impact of the vulnerabilities, the actions users should take, and confirms that both issues are resolved in the latest security release. GitLab also describes the measures it plans to take to prevent similar issues in future.
Indicators of Compromise (IoCs):
No IoCs related to CVE-2023-7028 or CVE-2023-5356 have been identified at this time. iFlock Security Consulting is actively monitoring for IoCs and will promptly inform customers of any developments. For detailed guidance on safeguarding your organization, contact your iFlock Security Consulting Account Executive.
iFlock Security Consulting's Protective Measures:
With the erosion of traditional security perimeters due to expanding endpoints, cloud adoption, and digital transformation, attack surfaces have grown significantly. iFlock Security Consulting offers comprehensive vulnerability management to ensure visibility and control over every threat, device, entry point, and vulnerability.
Reference Materials:
- GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 | GitLab
- Immediate Action Required: Critical GitLab Flaw Permits Account Takeover (CVE-2023-7028) - Help Net Security
- Alert: GitLab Issues Fixes for Critical Security Gaps - Act Now (thehackernews.com)
- CVE - CVE-2023-7028 (mitre.org)