Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
March 4, 2022Rewterz Threat Advisory – CVE-2021-44747 – F-Secure Linux Security Vulnerability
March 4, 2022Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
March 4, 2022Rewterz Threat Advisory – CVE-2021-44747 – F-Secure Linux Security Vulnerability
March 4, 2022Severity
High
Analysis Summary
CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorized user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
CVE-2022-0549
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.
CVE-2022-0751
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an unauthorized actor to create Snippets with misleading content, which could trick unsuspecting users into executing arbitrary commands.
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an unauthorized actor to steal environment variables via specially crafted email addresses.
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.0 and all versions starting from 14.4 before 14.8. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration by unauthenticated users through the GraphQL API.
CVE-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, and all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions.
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.
Impact
- Unauthorized Access
- Privilege Escalation
- Credential Theft
- Denial of Service
- Information Theft
Indicators of Compromise
CVE
- CVE-2022-0735
- CVE-2022-0549
- CVE-2022-0751
- CVE-2022-0741
- CVE-2021-4191
Affected Vendors
GitLab
Affected Products
All versions of GitLab CE/EE
GitLab Omnibus prior to 14.8
Remediation
Refer to GitHUB Advisory for patch, upgrade, or suggested workaround information.
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/