New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (07th March 2022)

Ref# AL2022_12 | Date: Mar 7th 2022

Description

A new security vulnerability has recently been disclosed by researchers in GitLab, an open-source DevOps platform. The vulnerability can allow a remote, unauthenticated attacker to retrieve user-related information.

Summary

Researchers categorize this vulnerability as a medium-severity flaw, tracked as CVE-2021-4191 (CVSS score: 5.3), which affects GitLab Community Edition and Enterprise Edition. The affected releases are all versions starting from 13.0 and all versions starting from 14.4 and prior to 14.8.

How it works

Jake Baines, a senior researcher at Rapid7, disclosed that the vulnerability results from a missing authentication check when executing certain GitLab GraphQL API queries. A remote, malicious user can use this flaw to retrieve registered GitLab usernames, names, and email addresses.

By successfully exploiting the API information leak, malicious actors may be able to enumerate and compile lists of legitimate usernames belonging to a target, which can then be used as a stepping stone for brute-force attacks such as password guessing, password spraying, and credential stuffing.
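Because the leak is reached through unauthenticated GraphQL queries, a defender can look for the same pattern in the instance's API logs: repeated anonymous requests to the GraphQL endpoint that select the users field, coming from one source address. The script below is an added example, not code from the advisory or from GitLab; the log lines are constructed, and the field names (path, remote_ip, username, query_string) are assumptions rather than a guaranteed match for any GitLab log format.

```python
import json
import re
from collections import Counter

# Constructed sample lines shaped like a JSON API log (field names assumed).
# The first source sends three anonymous GraphQL queries that page through
# the users field; the others are ordinary authenticated or REST traffic.
SAMPLE_LOG = """
{"time":"2022-03-07T10:00:01Z","method":"POST","path":"/api/graphql","remote_ip":"203.0.113.10","username":null,"query_string":"{ users(first: 100) { nodes { username publicEmail } } }"}
{"time":"2022-03-07T10:00:02Z","method":"POST","path":"/api/graphql","remote_ip":"203.0.113.10","username":null,"query_string":"{ users(first: 100) { nodes { username publicEmail } } }"}
{"time":"2022-03-07T10:00:03Z","method":"POST","path":"/api/graphql","remote_ip":"203.0.113.10","username":null,"query_string":"{ users(first: 100) { nodes { username publicEmail } } }"}
{"time":"2022-03-07T10:00:04Z","method":"POST","path":"/api/graphql","remote_ip":"198.51.100.7","username":"alice","query_string":"{ currentUser { username } }"}
{"time":"2022-03-07T10:00:05Z","method":"GET","path":"/api/v4/projects","remote_ip":"198.51.100.9","username":null,"query_string":null}
""".strip()

# Matches a top-level selection of the users field, e.g. "users(" or "users {",
# without matching unrelated names such as currentUser.
USERS_FIELD = re.compile(r"\busers\s*[({]")


def is_unauth_user_enum(event):
    """True for an anonymous GraphQL request whose query selects the users field."""
    if event.get("path") != "/api/graphql" or event.get("username") is not None:
        return False
    query = event.get("query_string") or ""
    return USERS_FIELD.search(query) is not None


def suspicious_sources(log_text, threshold=3):
    """Return {remote_ip: count} for sources with at least `threshold` matching requests."""
    counts = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if is_unauth_user_enum(event):
            counts[event.get("remote_ip", "unknown")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in suspicious_sources(SAMPLE_LOG).items():
        print(f"possible user enumeration from {ip}: {n} anonymous users queries")
```

The threshold is a starting point; on a real instance, tune it against normal anonymous GraphQL traffic and treat a hit as a prompt to confirm the patch level rather than as proof of compromise.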

Remediation

To mitigate this vulnerability, users are advised to keep their systems updated by installing the latest patch.

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
