Urgent Security Alert: Critical Flaws in GitLab Require Immediate Action


TLP: CLEAR

ALERT BULLETIN:

DATE: 01/17/2024

Briefing:

A critical account-takeover vulnerability (CVE-2023-7028) has been identified in both GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab has published fixed versions 16.7.2, 16.6.4 and 16.5.6, together with backported fixes for the older 16.x branches (16.1.6, 16.2.9, 16.3.7 and 16.4.5).

CVE-2023-7028 (CVSS 10.0) allows an unauthenticated attacker to take over an account through the password reset flow: a reset request for a victim's account could cause the reset email to be delivered to an unverified, attacker-controlled address, giving the attacker a valid reset link. The vulnerability affects the following GitLab versions:

  • Affected: every release from 16.1.0 through 16.7.1 that has not received the branch fix, that is 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2
  • Resolved in:
    • 16.1.6
    • 16.2.9
    • 16.3.7
    • 16.4.5
    • 16.5.6
    • 16.6.4
    • 16.7.2


A second critical vulnerability (CVE-2023-5356, CVSS 9.6) is fixed in the same release: the Slack and Mattermost integrations could be abused to execute slash commands as another user. It affects versions 8.13 through 16.7.1. Fixes are available only in 16.5.6, 16.6.4 and 16.7.2, so instances on any earlier branch must upgrade to one of those versions rather than to a backport.
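The two version tables above differ in an easily missed way: CVE-2023-7028 was backported to every affected 16.x branch, while CVE-2023-5356 was fixed only in 16.5, 16.6 and 16.7, so an instance on 16.3.7 is patched for one and not the other. The following Python is an added example, not GitLab's code or part of the original bulletin, that encodes both version ranges and reports exposure for a given version string (edition suffixes such as "-ee" are ignored; the version strings in the demo are made up):

```python
from typing import Dict, NamedTuple, Tuple


class Version(NamedTuple):
    major: int
    minor: int
    patch: int


Branch = Tuple[int, int]


def parse_version(text: str) -> Version:
    """Parse '16.6.3', '16.6.3-ee' or 'v16.6.3' into a Version; edition suffixes are ignored."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return Version(*(int(p) for p in parts))


# First patch level that carries the fix, per branch (from the GitLab release).
FIXED_7028: Dict[Branch, int] = {
    (16, 1): 6, (16, 2): 9, (16, 3): 7, (16, 4): 5,
    (16, 5): 6, (16, 6): 4, (16, 7): 2,
}
# CVE-2023-5356 was fixed only in 16.5, 16.6 and 16.7; older affected branches have no fix.
FIXED_5356: Dict[Branch, int] = {(16, 5): 6, (16, 6): 4, (16, 7): 2}


def is_vulnerable(v: Version, first_affected: Version,
                  last_affected_branch: Branch, fixes: Dict[Branch, int]) -> bool:
    """True when v lies in the affected range and is below the fix for its branch.

    A branch inside the affected range with no entry in `fixes` has no fixed
    release at all, so every version on it counts as vulnerable.
    """
    branch: Branch = (v.major, v.minor)
    if v < first_affected:
        return False
    if branch > last_affected_branch:
        return False                     # 16.8 and later were never affected
    fix_patch = fixes.get(branch)
    if fix_patch is None:
        return True                      # affected branch without a backported fix
    return v.patch < fix_patch


def assess(text: str) -> Dict[str, bool]:
    """Return {CVE id: vulnerable?} for one GitLab version string."""
    v = parse_version(text)
    return {
        "CVE-2023-7028": is_vulnerable(v, Version(16, 1, 0), (16, 7), FIXED_7028),
        "CVE-2023-5356": is_vulnerable(v, Version(8, 13, 0), (16, 7), FIXED_5356),
    }


if __name__ == "__main__":
    # Made-up inventory of instance versions, not real hosts.
    for s in ("16.6.3", "16.6.4-ee", "16.3.7", "16.0.8", "16.8.0", "v15.11.13"):
        print(f"{s:<12}", assess(s))
```

The version string is what `/api/v4/version` returns for an authenticated caller, or what `gitlab-rake gitlab:env:info` prints on the host; feed the output of either into `assess()`.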

GitLab.com was updated to the fixed version before the advisory was published, and GitLab reported that it had not detected abuse of CVE-2023-7028 on the platforms it manages; the exposure is on self-managed instances. Exploitation requires no authentication, only access to the login page, so any unpatched, internet-reachable instance should be treated as at risk. Accounts with two-factor authentication (2FA) enabled are protected from takeover: an attacker can still trigger the password reset, but cannot complete a login without the second factor. Users without 2FA should enable it now, and administrators should treat 2FA as a mitigation alongside the upgrade, not a substitute for it.

iFlock Security Consulting's Advisory:

GitLab's release post and FAQ for CVE-2023-7028 and CVE-2023-5356 describe the impact of each issue, the actions users and administrators should take, and confirm that both are resolved in the security release. GitLab also outlines the changes it plans in order to prevent similar issues in future.

Indicators of Compromise (IoCs):

No public indicators of compromise for CVE-2023-7028 or CVE-2023-5356 had been published at the time of this bulletin. GitLab's release notes do tell self-managed administrators where to look for exploitation attempts: password reset requests in the Rails logs whose email parameter is an array of several addresses rather than a single address. iFlock Security Consulting is monitoring for IoCs and will inform customers promptly of any developments. For detailed guidance on safeguarding your organization, contact your iFlock Security Consulting Account Executive.
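The check GitLab's release post describes, that is, POST requests to /users/password in gitlab-rails/production_json.log whose user email parameter is a JSON array, is easy to run over an exported log. The Python below is an added example written for this bulletin, not GitLab's code; the three sample log lines are constructed, and their field layout (`method`, `path`, `remote_ip`, `time`, and a `params` list of `{"key", "value"}` objects) is an assumption modelled on the production_json.log format, so adjust `reset_email_param()` if your instance logs the parameters differently:

```python
import json
from typing import Any, Dict, List, Optional

# Constructed sample of gitlab-rails/production_json.log lines (not real traffic).
# Line 1: an ordinary reset with a single address.
# Line 2: a reset whose email parameter is an array of two addresses, the pattern
#         GitLab's advisory tells administrators to look for.
# Line 3: unrelated request, to show it is ignored.
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","status":302,"remote_ip":"203.0.113.10","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":"alice@example.com"}}],"time":"2024-01-12T09:14:02.000Z"}
{"method":"POST","path":"/users/password","status":302,"remote_ip":"198.51.100.7","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":["alice@example.com","attacker@evil.example"]}}],"time":"2024-01-12T09:15:41.000Z"}
{"method":"GET","path":"/users/sign_in","status":200,"remote_ip":"203.0.113.10","params":[],"time":"2024-01-12T09:16:00.000Z"}
"""


def reset_email_param(entry: Dict[str, Any]) -> Optional[Any]:
    """Return the user[email] value of a password-reset POST, or None for other requests.

    The value is returned untouched so the caller can tell a string (normal
    form submission) from a list (the shape the exploit relies on).
    """
    if entry.get("method") != "POST" or entry.get("path") != "/users/password":
        return None
    for param in entry.get("params") or []:
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            return param["value"].get("email")
    return None


def find_suspicious_resets(log_text: str) -> List[Dict[str, Any]]:
    """Scan JSON-lines log text and report reset requests whose email is an array."""
    hits: List[Dict[str, Any]] = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a malformed line should not abort the scan of the whole file
        email = reset_email_param(entry)
        # The legitimate form submits a single string; any array is abnormal,
        # and more than one address is the exploit pattern.
        if isinstance(email, list):
            hits.append({
                "line": lineno,
                "time": entry.get("time"),
                "remote_ip": entry.get("remote_ip"),
                "emails": email,
                "multiple": len(email) > 1,
            })
    return hits


def summarise_by_ip(hits: List[Dict[str, Any]]) -> Dict[str, int]:
    """Count flagged reset requests per source IP, a quick view of who is probing."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["remote_ip"]] = counts.get(h["remote_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_suspicious_resets(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']} {h['time']} {h['remote_ip']} -> {h['emails']}")
    print("per source IP:", summarise_by_ip(found))
```

Any hit is worth treating as an attempted takeover of the first address in the array: confirm whether that user's password was actually changed, and rotate the account's credentials and personal access tokens if so. On a real instance, point the script at each rotated production_json.log file covering the window since 16.1.0 was deployed, not only the current one.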

iFlock Security Consulting's Protective Measures:

With the erosion of traditional security perimeters due to expanding endpoints, cloud adoption, and digital transformation, attack surfaces have grown significantly. iFlock Security Consulting offers comprehensive vulnerability management to ensure visibility and control over every threat, device, entry point, and vulnerability.

Reference Materials:

  • GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 | GitLab
  • Immediate Action Required: Critical GitLab Flaw Permits Account Takeover (CVE-2023-7028) - Help Net Security
  • Alert: GitLab Issues Fixes for Critical Security Gaps - Act Now (thehackernews.com)
  • CVE - CVE-2023-7028 (mitre.org)
