Finding GitLab instances

, by Pearce Barry

The development team at GitLab issued a new critical security release that patches seven recently-disclosed vulnerabilities in GitLab software. Reported by customers, security researchers, and GitLab team members, these vulnerabilities are located in various components of the software and affect both GitLab Community and Enterprise editions:

  • CVE-2022-0735 (CVSS “critical” score of 9.6) - Unauthorized users can steal runner registration tokens via quick actions commands
  • CVE-2022-0549 (CVSS “medium” score of 6.5) - Unprivileged users can add other users to groups via the API
  • CVE-2022-0751 (CVSS “medium” score of 6.5) - snippet content can be manipulated to display inaccurate/misleading data from an unauthorized user
  • CVE-2022-0741 (CVSS “medium” score of 5.8) - Environment variables can be leaked via sendmail
  • CVE-2021-4191 (CVSS “medium” score of 5.3) - User enumeration of private GitLab instances (with restricted sign-ups) can be possible by unauthenticated users via the GraphQL API
  • CVE-2022-0738 (CVSS “medium” score of 4.2) - User passwords can be leaked when adding pull mirrors with SSH credentials
  • CVE-2022-0489 (CVSS “low” score of 3.5) - A denial-of-service condition can be trigger by using the math feature with a specific formula in issue comments

Is an update available?

To avoid possible exploitation of the above vulnerabilities, GitLab recommends all admins update to GitLab versions 14.8.2, 14.7.4, and 14.6.5 for Community Edition (CE) and Enterprise Edition (EE) installations. If upgrading instances isn’t viable in the near-term, GitLab does provide a hotpatch for the runner token disclosure vulnerability–the most severe vulnerability of the bunch–for a number of GitLab versions, suitable as a temporary mitigation until a full update can be performed.

How do I find potentially vulnerable GitLab instances with Rumble?

From the Asset Inventory, use the following pre-built query to locate GitLab assets within your network that are potentially vulnerable:

product:gitlab
Find GitLab instances

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Free Rumble trial

Don’t have Rumble and need help finding potentially vulnerable GitLab instances?

Start your free trial
Rumble Screenshot

Similar Content

May 12, 2022

Wrangling the May 2022 Patch Tuesday

Microsoft recently released security updates for over 70 vulnerabilities, including 3 zero-days and 7 critical vulnerabilities that affect a wide-range of their products and services. The list of patches covers an actively exploited zero-day vulnerability in the Windows …

Read More

May 5, 2022

Finding F5 BIG-IP instances

Technology vendor F5 recently published information on over 40 vulnerabilities, mostly affecting their BIG-IP line of products. While these vulnerabilities include a mix of types and severities, a particular authentication bypass vulnerability that can affect all BIG-IP …

Read More

April 29, 2022

Finding Netatalk instances

A critical vulnerability in the Netatalk open source file server software was found in some popular network attached storage (NAS) devices. Netatalk provides services for the deprecated AFP (Apple Filing Protocol, formerly known as Appletalk Filing Protocol), and runs on a …

Read More