See runZero in action

Contact us to book a demo with our team.

Rapid response

Finding GitLab instances

(updated ), by Pearce Barry
icon

The development team at GitLab issued a new critical security release that patches seven recently-disclosed vulnerabilities in GitLab software. Reported by customers, security researchers, and GitLab team members, these vulnerabilities are located in various components of the software and affect both GitLab Community and Enterprise editions:

  • CVE-2022-0735 (CVSS “critical” score of 9.6) - Unauthorized users can steal runner registration tokens via quick actions commands
  • CVE-2022-0549 (CVSS “medium” score of 6.5) - Unprivileged users can add other users to groups via the API
  • CVE-2022-0751 (CVSS “medium” score of 6.5) - snippet content can be manipulated to display inaccurate/misleading data from an unauthorized user
  • CVE-2022-0741 (CVSS “medium” score of 5.8) - Environment variables can be leaked via sendmail
  • CVE-2021-4191 (CVSS “medium” score of 5.3) - User enumeration of private GitLab instances (with restricted sign-ups) can be possible by unauthenticated users via the GraphQL API
  • CVE-2022-0738 (CVSS “medium” score of 4.2) - User passwords can be leaked when adding pull mirrors with SSH credentials
  • CVE-2022-0489 (CVSS “low” score of 3.5) - A denial-of-service condition can be trigger by using the math feature with a specific formula in issue comments

Is an update available? #

To avoid possible exploitation of the above vulnerabilities, GitLab recommends all admins update to GitLab versions 14.8.2, 14.7.4, and 14.6.5 for Community Edition (CE) and Enterprise Edition (EE) installations. If upgrading instances isn’t viable in the near-term, GitLab does provide a hotpatch for the runner token disclosure vulnerability–the most severe vulnerability of the bunch–for a number of GitLab versions, suitable as a temporary mitigation until a full update can be performed.

How do I find potentially vulnerable GitLab instances with runZero? #

From the Asset Inventory, use the following pre-built query to locate GitLab assets within your network that are potentially vulnerable:

product:gitlab
Find GitLab instances

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Free runZero trial

Don’t have runZero and need help finding potentially vulnerable GitLab instances?

Start your free trial
runZero on laptop
Pearce Barry
Written by Pearce Barry

Pearce Barry is a Director of Security Research at runZero. Barry joined runZero in June 2021, working on the Metasploit Project the four years prior. Now, Pearce leads research efforts at runZero, which includes creating and improving fingerprints, adding to protocols, enhancing scanning logic, and writing queries.

Query

Similar Content

November 9, 2023

How to find SysAid Help Desk instances

How to find SysAid Help Desk instances # On the evening of November 8th Microsoft Threat Intelligence announced that they had discovered attacks by a ransomware gang against the SysAid Help Desk software using a zero-day exploit (CVE-2023-47246). These attacks leveraged a …

Read More

November 1, 2023

How to find Apache ActiveMQ instances

How to find Apache ActiveMQ® instances # On October 25th the Apache team announced a vulnerability (CVE-2023-46604) in ActiveMQ that could lead to unauthenticated remote code execution. Shortly after the issue was disclosed exploits started to appear and the Rapid7 MDR team …

Read More

October 30, 2023

Finding NGINX Ingress Controllers with runZero

Today, three vulnerabilities in the NGINX Ingress Controller for Kubernetes were disclosed, as described in this article from The Hacker News. These vulnerabilities have CVSS scores ranging from 7.6 to 8.8; all of these scores are considered high. These vulnerabilities have …

Read More