The critical vulnerability in the Gitlab system, which allows for the compromise of accounts, has been recently added to the catalog of well-known exploited vulnerabilities by the Cybersecurity and Infrastructure Security Agency (CISA). This problem, designated as cve-2023-7028, has the maximum score on the Common Vulnerability Scoring System (CVSS) scale: 10.0, and is currently being actively exploited by attackers.
This vulnerability stemmed from changes in the Gitlab code in version 16.1.0, released on May 1, 2023, and affects all Gitlab authentication mechanisms. Even users with two-factor authentication enabled are at risk of having their passwords reset. However, full control over an account by hackers still requires access to the device linked to 2FA.
The exploitation of CVE-2023-7028 could have severe consequences, such as the theft of sensitive information and financial data, as well as the injection of malicious code into the source code repository, posing a threat to the entire supply chain’s integrity.
An example of a potential attack involves threat actors gaining access to the CI/CD configuration settings and inserting code that redirects confidential data to servers under their control. They could also tamper with the repository code to introduce malicious software, compromising systems and granting unauthorized access.
To address this threat, updates have been released for Gitlab versions 16.5.6, 16.6.4, and 16.7.2, with patches also forthcoming for versions 16.1.6, 16.2.9, 16.3.7, and 16.4.5.
In light of the active exploitation of this vulnerability, U.S. federal agencies are urged to apply the latest Gitlab patches by May 22, 2024, to secure their networks. While CISA has not disclosed specific details about the exploitation methods in real-world attacks, it stresses the urgency of addressing this threat promptly.