GitLab fixes serious SSRF flaw that exposed orgs' internal servers – The Daily Swig

John Leyden, 17 June 2021 at 15:03 UTC. Updated: 17 June 2021 at 15:06 UTC

DevSecOops

Programming code-share platform GitLab has fixed a server-side request forgery (SSRF) issue in a software library after the problem was flagged by a security researcher.

Server-side request forgery is a class of web security vulnerability in which an attacker induces a vulnerable server to make requests on their behalf, for example to internal services within an organization's infrastructure that are not reachable from the internet.

Researcher Vin01 discovered that GitLab's CI Lint API, a library related to code handling and managing developer workflows, was flawed.

After discovering the problem last December, the researcher reported it to GitLab, which responded by publishing a temporary fix in February.

GitLab followed up with a more complete patch early this month, clearing the way for Vin01 to publish a detailed technical write-up of their findings.

The affected CI Lint API is used to validate CI/CD YAML configuration for GitLab instances. A flaw in the technology, if left unaddressed, created a means for miscreants to steal sensitive info such as passwords and cloud service credentials, Vin01 told The Daily Swig.

Installations which had a particular configuration in place to allow internal network requests from GitLab were vulnerable to server-side request forgery (SSRF), where an attacker could have sent a request to internal servers by jumping from the public facing GitLab servers.

These internal servers are usually not exposed to the internet as they are only meant to be used internally and may contain sensitive information like passwords, API keys, cloud service credentials, which could have been stolen as a result of this vulnerability.

Public facing GitLab servers are quite common, and the issue in hand was exacerbated because no authentication was required in order to exploit it.

The vulnerabilities are tracked as CVE-2021-22175 and CVE-2021-22214.
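The passages above describe the root condition: a public-facing server that could be made to issue requests to hosts on the internal network. The usual defensive control is to decide, before any outbound connection is made, whether the destination resolves to an internal address. The following is an added example of such a guard in Python; it is not GitLab's code, not the researcher's test script, and does not reproduce the patch. The resolver interface, the `stub_resolve` table and the sample `include` URLs are all constructed for the example.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlsplit

# A resolver maps a hostname to the list of IP address strings it resolves to
# (hypothetical interface, so the check can be exercised offline).
Resolver = Callable[[str], List[str]]


def resolve_with_dns(host: str) -> List[str]:
    """Live DNS lookup returning every A/AAAA answer (IP literals pass through)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_internal(addr: str) -> bool:
    """True for addresses a user-controlled server-side request must never reach."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_private        # RFC 1918, fc00::/7 and other non-global ranges
        or ip.is_loopback    # 127/8, ::1
        or ip.is_link_local  # 169.254/16 (cloud metadata services), fe80::/10
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
        or not ip.is_global  # anything else IANA does not list as globally routable
    )


def check_outbound_target(url: str, resolve: Resolver = resolve_with_dns,
                          allowed_schemes: Iterable[str] = ("http", "https")) -> Tuple[bool, str]:
    """Decide before any connection is made whether a URL may be fetched.

    Returns (ok, reason). Every resolved address is checked, because a host
    with one public and one internal record would otherwise slip through.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in tuple(allowed_schemes):
        return False, f"scheme {parts.scheme!r} is not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL are not allowed"
    try:
        addrs = resolve(host)
    except (socket.gaierror, OSError, ValueError) as exc:
        return False, f"could not resolve {host!r}: {exc}"
    if not addrs:
        return False, f"{host!r} resolved to no addresses"
    for addr in addrs:
        if is_internal(addr):
            return False, f"{host!r} resolves to internal address {addr}"
    return True, f"{host!r} -> {', '.join(addrs)}"


def audit_include_urls(urls: Iterable[str], resolve: Resolver = resolve_with_dns) -> List[Tuple[str, str]]:
    """Return (url, reason) for each URL taken from a CI config that must not be fetched."""
    rejected = []
    for url in urls:
        ok, reason = check_outbound_target(url, resolve)
        if not ok:
            rejected.append((url, reason))
    return rejected


# ---- Constructed sample data (not real hosts or a real configuration) ----
SAMPLE_DNS = {
    "gitlab.example.com": ["8.8.8.8"],              # globally routable sample address
    "secrets.internal": ["10.20.30.40"],            # RFC 1918 private
    "metadata.example": ["169.254.169.254"],        # link-local
    "rebind.example": ["8.8.4.4", "127.0.0.1"],     # mixed public/loopback answer
}


def stub_resolve(host: str) -> List[str]:
    """Offline stand-in for resolve_with_dns using the constructed table above."""
    if host in SAMPLE_DNS:
        return SAMPLE_DNS[host]
    ipaddress.ip_address(host)  # raises ValueError for anything that is not an IP literal
    return [host]


SAMPLE_INCLUDES = [
    "https://gitlab.example.com/templates/ci.yml",
    "http://secrets.internal/admin",
    "http://metadata.example/",
    "http://rebind.example/",
    "http://[::1]:8080/",
    "file:///etc/hosts",
]

if __name__ == "__main__":
    for url, reason in audit_include_urls(SAMPLE_INCLUDES, stub_resolve):
        print(f"REJECT {url}: {reason}")
```

Two caveats a practitioner should keep in mind when deploying a guard of this shape: the address that passed the check is the one the connection must actually use (re-resolving at connect time lets a second DNS answer differ from the first), and any HTTP redirect the fetched server returns has to go through the same check before it is followed. The guard complements, rather than replaces, keeping the "allow internal network requests" style of configuration the article refers to switched off on instances that do not need it.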

"In my research I saw hundreds of vulnerable GitLab servers including but not limited to many open source projects, government departments and universities which use GitLab for hosting their code and integrate it with their infrastructure," Vin01 added.

The security researcher has put together a small script to test if a GitLab server is vulnerable, available on GitHub.

Vin01 praised GitLab's handling of the disclosure process, adding that even though they have since privately warned many affected organizations about their exposure to the flaw, there are still many vulnerable instances.
