blogsger.blogg.se

Exiftool rce







The vulnerability is an improper validation issue of user-provided images that can lead to arbitrary code execution. The vulnerability affects all versions starting from 11.9.

“An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that are passed to a file parser which resulted in a remote command execution. This is a critical severity issue (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, 9.9). It is now mitigated in the latest release and is assigned CVE-2021-22205.” reads the advisory published by GitLab.

GitLab addressed the vulnerability on April 14, 2021, with the release of versions 13.8.8, 13.9.6, and 13.10.3. The vulnerability was reported by the expert vakzz through the company's bug bounty program, which is operated through the HackerOne platform. The vulnerability was actively exploited in the wild; researchers from HN Security described an attack on one of its customers.
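A version triage check built from the affected range (starting from 11.9) and the fixed releases (13.8.8, 13.9.6, 13.10.3) given on this page; it is an added example, not code from GitLab or from the original post. The hostnames and inventory are constructed sample data, and treating release lines newer than 13.10 as patched is an assumption.

```python
import re

# Values taken from the advisory text on this page.
FIRST_AFFECTED = (11, 9, 0)                    # "all versions starting from 11.9"
FIXED = {(13, 8): 8, (13, 9): 6, (13, 10): 3}  # release line -> first patched patch level
NEWEST_FIXED_LINE = max(FIXED)


def parse_version(text):
    """Parse 'X.Y[.Z]' with an optional 'v' prefix and '-ee'/'-ce' suffix."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version_text):
    """True if the version falls in the CVE-2021-22205 affected range."""
    version = parse_version(version_text)
    if version < FIRST_AFFECTED:
        return False  # older than 11.9: outside the stated range
    line = version[:2]
    if line in FIXED:
        return version[2] < FIXED[line]
    # Assumption: release lines newer than 13.10 already carry the fix.
    # Lines between 11.9 and 13.7 have no patched release listed on the
    # page, so every patch level on them is reported as affected.
    return line < NEWEST_FIXED_LINE


def triage(inventory):
    """Return the sorted hosts whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "git-a.example.internal": "13.10.2-ee",
    "git-b.example.internal": "13.10.3",
    "git-c.example.internal": "12.4.1",
    "git-d.example.internal": "11.8.9",
    "git-e.example.internal": "13.9.6-ee",
    "git-f.example.internal": "14.1.0",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required (CVE-2021-22205)")
```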







