GitLab Critical Vulnerabilities (CVE-2023-7028, CVE-2023-5356)

The CyberSec Guru


The GitLab community is facing a major security challenge with the discovery of two critical vulnerabilities that affect all versions before 16.7.2, 16.6.4, and 16.5. These two vulnerabilities, CVE-2023-7028 and CVE-2023-5356, are severe issues that can compromise both the security and the integrity of code repositories and project data hosted on GitLab. They are highly dangerous and must be addressed urgently.

CVE-2023-7028: Account Takeover Without User Interaction

Rated 10.0 critical, this vulnerability allows an attacker to reset the password of any GitLab account knowing only the target account, without needing the user’s existing password or control of an existing email account. With this, intruders can take over affected accounts entirely, giving them access to sensitive data and the ability to change code repositories or disrupt project operations. This reset even bypasses the 2FA challenge for accounts with 2FA enabled.

CVE-2023-5356: Unauthorized Code Execution via Slack and Mattermost Integrations

This vulnerability allows attackers to abuse GitLab’s Slack and Mattermost integrations to execute arbitrary code within the affected instance. Flaws in change tracking could allow an attacker to tamper with code in repositories, deploy malware, or steal sensitive data. It can also be used to escalate the damage done with CVE-2023-7028, since attackers could gain more access to, and control over, compromised accounts and projects.

Immediate Actions to be Taken

  • Upgrade to the latest patched version: All GitLab users are encouraged to update to the latest patched version right away. See the GitLab Releases page for installation instructions.
  • Enable 2FA: Although not a complete mitigation against CVE-2023-7028, enabling 2FA on all GitLab accounts adds an additional authentication factor and helps when remediating compromised accounts.
  • Check permission settings: Review user permissions on your GitLab instance and reduce them to the minimum level needed, so that any exposed account has limited impact.
  • Monitor logs: Deploy enterprise-grade logging and monitoring practices; this will help you detect suspicious activity and potential breaches early.
  • Inform and educate: Share this information with your team members and collaborators to ensure everyone is aware of the vulnerabilities and the necessary mitigation steps.
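As an added example (not from the original post), the log check below implements the indicator GitLab published in its CVE-2023-7028 advisory: a password-reset request (POST to /users/password) whose user email parameter is a JSON array holding more than one address, as recorded in gitlab-rails/production_json.log. The sample log lines, IP addresses and timestamps are constructed for the demonstration.

```python
import json
from typing import Iterable

# Indicator from GitLab's CVE-2023-7028 advisory: a password-reset request
# (POST /users/password) whose user email parameter is a JSON array holding
# more than one address. Field names follow gitlab-rails/production_json.log.
RESET_PATH = "/users/password"


def flag_reset_requests(lines: Iterable[str]) -> list[dict]:
    """Return password-reset log entries that carry multiple email addresses."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise instead of aborting the scan
        if entry.get("method") != "POST" or entry.get("path") != RESET_PATH:
            continue
        for param in entry.get("params", []):
            value = param.get("value")
            if param.get("key") != "user" or not isinstance(value, dict):
                continue
            emails = value.get("email")
            # A single string is the normal form; only a multi-element list is flagged.
            if isinstance(emails, list) and len(emails) > 1:
                findings.append({
                    "time": entry.get("time"),
                    "remote_ip": entry.get("remote_ip"),
                    "emails": emails,
                })
    return findings


# Constructed sample lines (not real log data): one benign reset, one match, one unrelated.
SAMPLE_LOG = """
{"method":"POST","path":"/users/password","remote_ip":"203.0.113.10","time":"2024-01-12T09:00:00.000Z","params":[{"key":"user","value":{"email":"alice@example.com"}}]}
{"method":"POST","path":"/users/password","remote_ip":"198.51.100.7","time":"2024-01-12T09:01:00.000Z","params":[{"key":"user","value":{"email":["bob@example.com","unverified@example.net"]}}]}
{"method":"GET","path":"/users/sign_in","remote_ip":"203.0.113.10","time":"2024-01-12T09:02:00.000Z","params":[]}
"""

if __name__ == "__main__":
    for hit in flag_reset_requests(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} {hit['remote_ip']} reset requested for {hit['emails']}")
```

Run it against a real production_json.log by piping the file's lines into flag_reset_requests; any hit is worth correlating with the audit log and the affected account's recent password changes.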

The Impact and Importance of Addressing These Vulnerabilities

These vulnerabilities highlight the critical importance of prioritizing security best practices within the GitLab environment. Failure to address these vulnerabilities promptly could result in:

  • Account compromise and data breaches: Sensitive data, including source code, user credentials, and project information, could be compromised and exposed to unauthorized parties.
  • Project disruption and sabotage: Malicious actors could manipulate code repositories, deploy disruptive software, and compromise project integrity.
  • Reputational damage: Organizations and individuals relying on GitLab for critical projects could face reputational damage due to security breaches and data leaks.

Conclusion

The discovery of these vulnerabilities and their severity highlight the need for a more proactive security approach within the GitLab community. Applying patches immediately, strengthening security measures, and raising security awareness can reduce the risk posed by these vulnerabilities and protect the integrity of GitLab projects. By acting decisively and working together, the GitLab community can meet these challenges and ensure a secure and trusted platform for collaborative software development.

Additional Resources

Remember, security is an ongoing process. Stay informed, stay vigilant, and take proactive steps to secure your GitLab environment.
