GitLab Urgently Patches Critical XSS Flaw Allowing Account Takeovers

May 24, 2024 | News




GitLab Patches High-Severity XSS Vulnerability Enabling Account Takeovers

GitLab has addressed a high-severity vulnerability (CVE-2024-4835) that unauthenticated attackers could exploit to take over user accounts through cross-site scripting (XSS) attacks. The flaw resides in the VS Code editor (Web IDE) and enables threat actors to steal restricted information via maliciously crafted pages.

Details of the Vulnerability

The XSS vulnerability allows attackers to execute arbitrary scripts within the user’s browser, leading to unauthorized access and potential account takeover. While exploitation does not require authentication, it does necessitate user interaction, adding complexity to the attack.


Urgent Security Updates Released

GitLab has released several updates to mitigate this risk:

  • Versions 17.0.1, 16.11.3, and 16.10.6 for both Community Edition (CE) and Enterprise Edition (EE)

“These versions contain important bug and security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately,” GitLab announced.

Additional Security Fixes

Alongside CVE-2024-4835, GitLab also fixed six medium-severity vulnerabilities:

  • CVE-2023-7045: Cross-Site Request Forgery (CSRF) via the Kubernetes Agent Server
  • CVE-2024-2874: Denial-of-service (DoS) bug that disrupts loading GitLab web resources
  • Runner Description DoS: Denial of service via the runner ‘description’ field
  • CSRF in K8s Cluster-Integration: Improper use of the Set Pipeline Status API
  • ReDoS on Wiki Render API: Regular expression denial-of-service (ReDoS) on the wiki render API/page
  • Test Report API DoS: Resource exhaustion through test_report API calls
  • Guest User Access to Dependency Lists: Unauthorized access to private project dependency lists via job artifacts

Risks of Exploitation

GitLab is frequently targeted due to the sensitive nature of the data it hosts, including API keys and proprietary code. Hijacked accounts could lead to severe repercussions, such as supply chain attacks if malicious code is introduced into CI/CD pipelines.




Active Exploitation of Older Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) recently warned of active exploitation of a zero-click account hijacking vulnerability (CVE-2023-7028) patched by GitLab in January. This flaw allows unauthenticated attackers to take over accounts via password resets. Despite initial findings of over 5,300 vulnerable instances, only 2,084 remain exposed online as of now.

CISA has added CVE-2023-7028 to its Known Exploited Vulnerabilities Catalog, requiring U.S. federal agencies to secure their systems by May 22.

Immediate Action Required

Given the critical nature of these vulnerabilities, all GitLab users are strongly advised to update their installations to the latest secure versions immediately to prevent potential exploitation and ensure the security of their systems.
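One way for an administrator to check whether an instance already runs one of the fixed releases named above is to compare its reported version against the patched release of its branch. The following script is an added example and is not code from GitLab or from the original article. It assumes the JSON shape of GitLab's GET /api/v4/version endpoint ({"version": ..., "revision": ...}); the sample responses embedded below are constructed, not captured from a real instance. Two assumptions are labelled in the code: a release branch newer than 17.0 is treated as carrying the fix, and a branch older than 16.10 has no fixed release on this page and is therefore reported as needing an upgrade.

```python
import json
import re
from typing import Dict, Optional, Tuple

# Fixed releases named in the GitLab advisory, keyed by (major, minor) branch
# and mapping to the first patch level that contains the fix.
FIXED_RELEASES: Dict[Tuple[int, int], int] = {
    (17, 0): 1,    # 17.0.1
    (16, 11): 3,   # 16.11.3
    (16, 10): 6,   # 16.10.6
}

# Matches "X.Y.Z" and tolerates edition suffixes such as "17.0.1-ee".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse a GitLab version string into (major, minor, patch)."""
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(x) for x in match.groups())
    return major, minor, patch


def is_patched_cve_2024_4835(version: str) -> bool:
    """Return True if the version is a fixed release for CVE-2024-4835."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        return patch >= FIXED_RELEASES[branch]
    # Assumption: a branch released after 17.0 includes the fix.
    if branch > max(FIXED_RELEASES):
        return True
    # Assumption: older branches have no fixed release listed, so they
    # are treated as needing an upgrade to one of the fixed versions.
    return False


def recommended_upgrade(version: str) -> Optional[str]:
    """Name the release to upgrade to, or None if already patched."""
    if is_patched_cve_2024_4835(version):
        return None
    major, minor, _ = parse_version(version)
    fixed_patch = FIXED_RELEASES.get((major, minor))
    if fixed_patch is not None:
        return f"{major}.{minor}.{fixed_patch}"
    # No fixed release on this branch: point at the newest fixed release.
    newest_major, newest_minor = max(FIXED_RELEASES)
    return f"{newest_major}.{newest_minor}.{FIXED_RELEASES[(newest_major, newest_minor)]}"


def assess_instance(version_response: str) -> Dict[str, object]:
    """Assess the JSON body returned by GET /api/v4/version (assumed shape)."""
    data = json.loads(version_response)
    version = data["version"]
    return {
        "version": version,
        "patched": is_patched_cve_2024_4835(version),
        "recommended_upgrade": recommended_upgrade(version),
    }


# Constructed sample responses; the revision values are placeholders.
SAMPLE_RESPONSES = [
    '{"version": "16.11.2-ee", "revision": "placeholder1"}',
    '{"version": "17.0.1-ee", "revision": "placeholder2"}',
    '{"version": "16.9.8", "revision": "placeholder3"}',
]

if __name__ == "__main__":
    for body in SAMPLE_RESPONSES:
        result = assess_instance(body)
        status = "patched" if result["patched"] else "UPGRADE REQUIRED"
        target = result["recommended_upgrade"] or "-"
        print(f"{result['version']:<14} {status:<17} target: {target}")
```

In practice the version body would come from the instance's /api/v4/version endpoint with an authenticated request; the script keeps the fetch out so it runs offline against the constructed samples.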


Source: bleepingcomputer.com
