CISA: Critical flaw in GitLab actively exploited by hackers

Father

The agency is ordering federal agencies to patch the flaw in their systems before it is too late.

A critical GitLab flaw that allows account takeover through password resets was recently added to CISA's Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 and carrying the maximum CVSS score of 10.0, is being actively exploited by attackers.

The vulnerability was introduced by a code change in GitLab 16.1.0 on May 1, 2023 and affects all GitLab authentication mechanisms. Accounts with two-factor authentication enabled are also exposed to password resets, but an attacker would still need the device the second factor is tied to in order to fully take over such an account.

Exploiting CVE-2023-7028 can have serious consequences: theft of confidential information and credentials, and injection of malicious code into source repositories, which threatens the integrity of the whole software supply chain.

For example, an attacker who takes over an account with sufficient privileges could alter CI/CD pipeline settings to add a step that sends sensitive data to attacker-controlled servers, or tamper with repository code to plant malware, leading to compromised systems and unauthorized access.

In response, GitLab released fixes in versions 16.5.6, 16.6.4 and 16.7.2, and backported them to 16.1.6, 16.2.9, 16.3.7 and 16.4.5.
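A quick self-check against the version list above, added here as an example (it is not GitLab's own tooling and not code from the original article). It assumes the version string looks like what GitLab's `/version` API or `gitlab-rake gitlab:env:info` reports, e.g. `16.5.3-ee`; the sample instance list at the bottom is constructed for illustration.

```python
"""Check whether GitLab version strings fall in the CVE-2023-7028 affected range.

Added example, not GitLab's own tooling. Affected range per the advisory text:
introduced in 16.1.0; fixed in 16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4, 16.7.2.
"""
import re
import sys

# First patch level of each affected minor line that carries the fix.
FIXED_PATCH = {
    (16, 1): 6,
    (16, 2): 9,
    (16, 3): 7,
    (16, 4): 5,
    (16, 5): 6,
    (16, 6): 4,
    (16, 7): 2,
}
INTRODUCED_IN = (16, 1)  # the flaw was introduced in 16.1.0

# Assumption: versions look like "16.5.3" or "16.5.3-ee"/"16.5.3-ce" (as returned
# by GitLab's /version API or `gitlab-rake gitlab:env:info`); the edition suffix
# does not matter for this check.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.]+)?$")


def parse_version(text):
    """Return (major, minor, patch) ints, ignoring any '-ee'/'-ce' suffix."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version):
    """True if this version is within the CVE-2023-7028 affected range."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line < INTRODUCED_IN:
        return False  # 16.0 and earlier predate the faulty change
    if line in FIXED_PATCH:
        return patch < FIXED_PATCH[line]  # e.g. 16.5.3 < 16.5.6 -> vulnerable
    return False  # 16.8 and later lines shipped after the fix


def assess(versions):
    """Map each version string to 'vulnerable', 'patched' or 'unparseable'."""
    report = {}
    for v in versions:
        try:
            report[v] = "vulnerable" if is_vulnerable(v) else "patched"
        except ValueError:
            report[v] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory; pass real version strings as arguments instead.
    sample = sys.argv[1:] or ["16.5.3-ee", "16.7.2-ce", "16.1.0", "16.0.8", "16.8.1"]
    for version, status in assess(sample).items():
        print(f"{version:12} {status}")
```

Run it with the version strings of every self-managed instance you operate; anything reported as vulnerable should be upgraded to at least the fixed patch level of its minor line, or to a current release.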

Because the vulnerability is being actively abused, US federal agencies must apply the GitLab patches by May 22, 2024 to secure their networks. CISA has not yet shared details of how the flaw is being exploited in real-world attacks, but stresses that remediation must not be delayed. Note that patching closes the hole but does not undo a takeover that has already happened: anyone who ran an affected version should also review password-reset activity from the exposure window and rotate credentials and tokens that may have been exposed.