critical

Remote Code Execution via GitHub Import

Published Wed, Aug 17th, 2022

Platforms

Summary

A critical vulnerability in GitLab's GitHub import feature allows remote code execution. The issue stems from improper handling of Sawyer::Resource objects, enabling injection of Redis commands. This can be escalated to execute arbitrary bash commands on the SaaS managed service as well as self-hosted GitLab servers, potentially leading to full system compromise.

Affected Services

GitLab Import

Remediation

None required for SaaS service; self-hosted GitLab instances need to be updated to version 15.3.1

Tracked CVEs

No tracked CVEs

References

https://gitlab.com/gitlab-org/gitlab/-/issues/371098 https://hackerone.com/reports/1672388

Contributed by https://github.com/sshayb

Entry Status

Finalized

Disclosure Date

Tue, Aug 16th, 2022

Exploitability Period

Known ITW Exploitation

Detection Methods

Monitor for unexpected Redis commands or connections, especially those involving system_hook_push or PagesWorker. Check for unusual network connections or file system changes on GitLab servers.

Piercing Index Rating

Discovered by

yvvdwf

More vulnerabilities...

medium

Actions Core Delimiter Injection Vulnerability

The @actions/core package had a delimiter injection vulnerability in the exportVariable function. Attackers could use a known delimiter to break out of a specific variable and assign values to othe...

Juho NurminenAug 12, 2022

medium

Cloud SQL escape to host

In GCP's case, they introduced a modification to the Cloud SQL's PostgreSQL engine allowing the role assigned to the tenant (cloudsqlsuperuser) to arbitrarily change the ownership of a table to any...

Shir Tamari, Nir Ohfeld, Sa...Aug 11, 2022

medium

Google Cloud Shell command injection

A vulnerability was discovered in Cloud Shell that enabled command injection and remote shell access. By manipulating the "project" parameter, an attacker could have cause an unencoded Python scrip...

Bugra EskiciAug 10, 2022

View all