Context
On January 11, 2023, GitLab released security updates to remedy two critical vulnerabilities in GitLab software. All RH-ISAC organizations are urged to immediately update to versions 16.5.6, 16.6.4, and 16.7.2, or to a version where the fix was backported (16.1.6, 16.2.9, 16.3.7, and 16.4.5). According to the security update, the flaws affected the following versions:
- 16.1 prior to 16.1.6
- 16.2 prior to 16.2.9
- 16.3 prior to 16.3.7
- 16.4 prior to 16.4.5
- 16.5 prior to 16.5.6
- 16.6 prior to 16.6.4
- 16.7 prior to 16.7.2
The vulnerabilities, designated CVE-2023-7028 (with a severity level of 10) and CVE-2023-5356 (with a severity level of 9.6), are awaiting full technical analysis.
According to the GitLab release, CVE-2023-7028 could allow “user account password reset emails [to] be delivered to an unverified email address” and CVE-2023-5356 “allows a user to abuse Slack/Mattermost integrations to execute slash commands as another user.”
Community Threat Assessment
RHISAC intelligence team assesses that these vulnerabilities are a critical potential threat to organizations using vulnerable versions of GitLab, and all organizations are advised to check their versions and update immediately if needed. Additionally, GitLab security remains a critical facet of cyber defense for organizations.
A current fix for CVE-2023-7028 and CVE-2023-5356 in GitLab comes at a time when GitHub instances are seeing heavy attention from threat actors. In the past month, Recorded Future reported “frequent abuse of GitHub’s services by cybercriminals and advanced persistent threats (APTs) for various malicious infrastructure schemes” and security researchers shared a novel supply chain attack type focused on GitHub instances.
GitLab and GitHub instances are high-value targets for threat actors for several reasons, including the important and sensitive nature of data stored and the ability to mask malicious activity inside legitimate traffic and code. As such, organizations are encouraged to prioritize the security of their GitLab and GitHub operations and maintain situational awareness regarding emerging threats to the platform.
