May 1, 2024 at 12:33PM
CISA warns of active exploitation of a critical GitLab vulnerability (CVE-2023-7028), allowing attackers to hijack accounts via password resets, potentially leading to supply chain attacks. While 2FA-protected accounts are safe, unpatched systems are at risk. GitLab has released fixes, and CISA urges prompt patching, especially for federal agencies and private organizations using GitLab.
The meeting notes make clear that GitLab has a critical security vulnerability, tracked as CVE-2023-7028, stemming from an improper access control weakness. The flaw lets threat actors trigger password reset emails, change the password and hijack targeted accounts without any user interaction. Accounts protected by two-factor authentication are not affected, so patching is most urgent for systems that lack this additional safeguard.
GitLab fixed this vulnerability in versions 16.7.2, 16.5.6, and 16.6.4, and backported the patches to earlier versions. Organizations, federal agencies and private companies alike, should prioritize patching to prevent potential attacks.
The U.S. cybersecurity agency CISA has confirmed active exploitation of this vulnerability and ordered federal agencies to secure their systems by May 22. CISA emphasized the significant risks posed by such vulnerabilities and stressed the importance of patching for federal agencies and private organizations using the GitLab DevOps platform.
In January, 5,379 vulnerable GitLab instances were exposed online, and approximately half of them are still reachable. CISA hasn't shared specific details about the ongoing attacks but has emphasized the potential threat posed by this vulnerability. Organizations that haven't yet patched are advised to follow GitLab's incident response guide and check for signs of compromise.
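One way to carry out that compromise check, as an added example that is not GitLab's own tooling: scan constructed log lines shaped like GitLab's production_json.log and flag password-reset requests that carry more than one email address, which is the indicator GitLab's public guidance points to for this flaw. The exact nesting of the `params` field and the sample records are assumptions made for this example.

```python
import json

# Constructed sample lines in the shape of gitlab-rails/production_json.log.
# Assumption: one JSON object per line with "method", "path", "params",
# "remote_ip" and "time"; "params" is a list of {"key", "value"} objects.
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["victim@example.com"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T09:14:00Z"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["victim@example.com","attacker@example.net"]}}],"remote_ip":"203.0.113.9","time":"2024-01-12T09:15:00Z"}
{"method":"GET","path":"/api/v4/projects","params":[],"remote_ip":"198.51.100.7","time":"2024-01-12T09:16:00Z"}
"""


def reset_emails(record):
    """Return the list of email addresses carried by a password-reset request."""
    for param in record.get("params", []):
        value = param.get("value")
        if param.get("key") == "user" and isinstance(value, dict):
            email = value.get("email")
            if isinstance(email, list):
                return [e for e in email if isinstance(e, str)]
            if isinstance(email, str):
                return [email]
    return []


def suspicious_reset_requests(log_text):
    """Flag POST /users/password requests whose reset target is more than one address.

    A legitimate reset names a single email; several addresses in one request is the
    pattern GitLab's guidance describes for CVE-2023-7028 abuse. Malformed lines are skipped.
    """
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparsable line: not evidence either way, move on
        if record.get("method") != "POST" or record.get("path") != "/users/password":
            continue
        emails = reset_emails(record)
        if len(emails) > 1:
            findings.append({"time": record.get("time"),
                             "remote_ip": record.get("remote_ip"),
                             "emails": emails})
    return findings


if __name__ == "__main__":
    for hit in suspicious_reset_requests(SAMPLE_LOG):
        print(f"{hit['time']} {hit['remote_ip']} reset requested for {hit['emails']}")
```

Run the same function over the real log file, and treat any hit as a reason to review the affected account and rotate its credentials and tokens.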