Rewterz

Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs

November 1, 2023
Rewterz

Rewterz Threat Alert – Emergence of ExelaStealer: A Cost-Effective Cyber Threat – Active IOCs

November 1, 2023

Rewterz Threat Advisory – Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-3246 CVSS:4.3

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to block Sidekiq job processor.

CVE-2023-3909 CVSS:4.3

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service. By adding a large string in timeout input in gitlab-ci.yml file, a remote authenticated attacker could exploit this vulnerability to cause a regular expression denial of service.

CVE-2023-5831 CVSS:3.7

GitLab Community Edition and Enterprise Edition could allow a remote attacker to obtain sensitive information, caused by a flaw when super_sidebar_logged_out feature flag is enabled. By sending a specially crafted requests, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-4700 CVSS:3.5

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to run jobs in protected environments, bypassing any required approvals.

CVE-2023-5600 CVSS:4.3

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information. By using the service-desk template, a remote attacker could exploit this vulnerability to obtain titles.

CVE-2023-5825 CVSS:6.5

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service, caused by an infinite loop. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause the server to exhaust all available memory.

CVE-2023-3399 CVSS:6.5

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information. By using the custom project templates, a remote attacker could exploit this vulnerability to read the CI/CD variables.

Impact

  • Denial of Service
  • Information Disclosure
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-3246
  • CVE-2023-3909
  • CVE-2023-5831
  • CVE-2023-4700
  • CVE-2023-5600
  • CVE-2023-5825
  • CVE-2023-3399

Affected Vendors

GitLab

Affected Products

  • GitLab Enterprise Edition 16.5.0
  • GitLab Community Edition 16.5.0
  • GitLab Enterprise Edition 16.4.1
  • GitLab Community Edition 16.4.1
  • GitLab Enterprise Edition 16.3.5
  • GitLab Community Edition 16.3.5

Remediation

Upgrade to the latest version of GitLab Community Edition (CE) and Enterprise Edition (EE), available from the GitLab Web site.

GitLab Web site

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.