Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

Published: 23/11/2024   Category: security




Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.



A critical security vulnerability in GitLab is under active attack, according to CISA. It allows bad actors to send password reset emails for any account to an email address of their choice, thus paving the way for account takeover.
"This will allow attackers to reset the password just as if they were a user that had legitimately forgotten theirs," says Erich Kron, security awareness advocate at KnowBe4. From there, the account would belong to the bad actors.
Further, Kron warned that if adversaries choose to change the legitimate associated email address for a GitLab account they've infiltrated, they could then keep the rightful account owner from being able to log in or use the password recovery function to change it back.
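To make the flaw described above concrete, here is an added illustration (not GitLab's code or data model) of the difference between a password reset flow that lets the requester choose the delivery address and one that only ever mails the address already stored on the account. The account store, outbox and token table are constructed in memory for the example.

```ruby
require 'securerandom'

# Constructed example: a minimal in-memory account store and mail outbox.
# Nothing here is GitLab's own code or data model.
Account = Struct.new(:username, :email, :password, keyword_init: true)

ACCOUNTS = {
  'alice' => Account.new(username: 'alice', email: 'alice@example.com', password: 'hunter2'),
}
RESET_TOKENS = {} # token => { username:, expires_at: }
TOKEN_TTL = 600   # seconds a reset link stays valid

def issue_token(username)
  token = SecureRandom.hex(16)
  RESET_TOKENS[token] = { username: username, expires_at: Time.now + TOKEN_TTL }
  token
end

# Vulnerable shape: the delivery address is taken from the request rather than
# from the account record, so a reset link for any known username can be sent
# to whatever address the requester supplies.
def vulnerable_request_reset(username, deliver_to, outbox)
  return :unknown_account unless ACCOUNTS[username]
  outbox << { to: deliver_to, token: issue_token(username) }
  :sent
end

# Hardened shape: the request may only name the account; the link goes to the
# address already stored on that account, and the response is identical for
# unknown usernames so the endpoint does not confirm which accounts exist.
def hardened_request_reset(username, outbox)
  account = ACCOUNTS[username]
  outbox << { to: account.email, token: issue_token(username) } if account
  :ok
end

# Redeeming a token: single use, time-limited, and bound server-side to the
# username it was issued for (the client never chooses the account).
def redeem_reset(token, new_password)
  record = RESET_TOKENS.delete(token)
  return :invalid_token unless record && record[:expires_at] > Time.now
  ACCOUNTS[record[:username]].password = new_password
  :password_changed
end
```

Even with the hardened flow, the reset link still lands in a mailbox, so a second factor on login (as Kron notes below) remains the backstop if that mailbox is compromised.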
CISA added the vulnerability, CVE-2023-7028, to its Known Exploited Vulnerabilities (KEV) catalog as a "GitLab Community and Enterprise Editions Improper Access Control Vulnerability." The agency noted that the bug is maximum severity, with a 10 out of 10 CVSS vulnerability-severity score, and is requiring Federal Civilian Executive Branch (FCEB) agencies to remediate their networks against the active threat.
Sajeeb Lohani, senior director of cybersecurity at Bugcrowd, said there are publicly available exploits for the bug as well, so defenders shouldn't sit on this one.
"Since the exploit itself is quite simple to pull off, the bar of entry for the exploit is low, implying less skilled hackers will also be able to exploit this issue," he says. "In simple terms, this is an issue you want to patch promptly."
David Brumley, cybersecurity professor at Carnegie Mellon and CEO of ForAllSecure, explains that the stakes are high for organizations because GitLab stores source code and proprietary data.
"There's always the risk of an attacker injecting malicious code into the supply chain as well, but that requires the changes not being flagged elsewhere," he explains. "While data exfiltration typically won't run up against other checks, the point of a source control platform is that you can easily transfer code in and out of it to local machines."
He recommended that organizations that manage their own GitLab deployments should ensure they have a plan to upgrade to a patched version if they haven't already done so.
"If that can't be done immediately, then mitigations should be employed," he says. "You need to ensure that you have regular password rotation or use a separate identity provider for authentication."
Larger organizations may want to also consider tools that can identify anomalous activity based on user actions, which could flag compromised accounts for quarantine.
Defending against these types of attacks goes back to security basics. For instance, Kron suggests that one of the most effective ways to counter attacks such as unauthorized password changes is the use of multifactor authentication (MFA), which attackers keep trying to circumvent.
He added that while MFA is not unhackable, it can add enough complexity to the account takeover process that the bad actors may fail.
"Even if they could reset your password, they will not be able to log in without the second factor," he says. "This could prevent them from changing the recovery email address, making them unable to lock the rightful account owner out."
Patrick Tiquet, vice president of security and architecture at Keeper Security, meanwhile notes the most effective method to prevent account-based cyberattacks is to invest in a zero-trust and zero-knowledge cybersecurity architecture that will limit, if not altogether prevent, a bad actor's access.
He also says a privileged access management (PAM) solution is imperative for IT administrators and security personnel to manage and secure privileged credentials and ensure least-privilege access.
"Additionally, each organization's patch management strategy needs to have a fast track for critical vulnerabilities with high possible severities — like this one — to ensure they can immediately take action," Tiquet says.
