Thousands of GitLab instances impacted by multiple security flaws

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Multiple security vulnerabilities have been discovered by researchers in GitLab, an open-source DevOps software. Some of these flaws could allow an unauthenticated remote attacker to retrieve all information linked to GitLab users and further launch brute force attacks. The vulnerability tracked as CVE-2021-4191 is one of the prominent issue for which GitLab pushed a fix. This information disclosure vulnerability is caused by a missing authentication check when using the GitLab GraphQL API queries that may allow a remote, unauthenticated attacker to obtain registered GitLab usernames, names, and email addresses. Due to the availability of the Metasploit module, there is a probability that this vulnerability might be exploited in the wild. Organizations should update to versions 14.8.2, 14.7.4, and 14.6.5 to remediate these vulnerabilities. Potential MITRE ATT&CK TTPs are: TA0001: Initial Access T1190: Exploit-public facing application TA0007: Discovery T1087: Account Discovery TA0006: Credential Access T1110: Brute Force Vulnerability Detail Patch Link https://gitlab.com/gitlab-org/omnibus-gitlab/-/tree/14.8.2-Security-Hotpatches/config/patches/gitlab-rails https://about.gitlab.com/update/ https://docs.gitlab.com/runner/install/linux-repository.html#updating-the-runner References https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ https://github.com/rapid7/metasploit-framework/pull/16252 https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/