An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HGitLab
APPGitlab11.9.0 – 13.8.8 (bez)13.9.0 – 13.9.6 (bez)13.10.0 – 13.10.3 (bez)
CISA KEV — detailsi
- Vendori
- GitLab ↗
- Producti
- Community and Enterprise Editions
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- November 17, 2021(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.
Related vulnerabilities
GitLab: Przejęcie konta przez reset hasła na niezweryfikowany e-mail
GitLab CE/EE: uruchomienie pipeline jako inny użytkownik (privilege escalation)
GitLab EE: uruchamianie pipeline CI/CD na dowolnych gałęziach bez autoryzacji
GitLab CE/EE — uruchomienie pipeline jako dowolny użytkownik (CWE-290)
Ruby-SAML: pominięcie weryfikacji podpisu odpowiedzi SAML — Auth Bypass