Critical GitLab Flaw Under Attack: CVE-2023-7028 Exploited
A critical account-takeover flaw in GitLab Community and Enterprise Edition has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2023-7028 and rated 10.0, the maximum score on the CVSS scale, it is being actively exploited by malicious actors.
The bug was introduced by a code change in GitLab 16.1.0 that allowed password-reset e-mails to be delivered to an unverified e-mail address, so an attacker could trigger a reset for another user's account and receive the reset link. Within the affected versions all GitLab authentication mechanisms are impacted. Accounts protected by two-factor authentication are still exposed to the password reset, but a full takeover additionally requires the second factor, since the device enrolled for 2FA is still needed to log in.
Exploitation of CVE-2023-7028 can have severe consequences: theft of sensitive information and credentials, and the insertion of malicious code into source repositories, which compromises the integrity of the entire software supply chain.
For example, an attacker who has taken over an account can modify CI/CD pipeline configuration and inject steps that send sensitive data to attacker-controlled servers. They can also tamper with the repository itself to embed malicious code, leading to compromise of, and unauthorized access to, the systems that build or deploy from that repository.
In response, GitLab fixed the flaw in versions 16.7.2, 16.6.4 and 16.5.6 and backported the fix to 16.4.5, 16.3.7, 16.2.9 and 16.1.6. Any 16.x release from 16.1.0 onward that is below the patched release for its minor branch remains vulnerable.
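The fixed-version list above is easy to misapply when a fleet runs several minor branches, because a version such as 16.3.5 is vulnerable even though it is numerically lower than the headline fix 16.5.6. The following check, an added example that is not GitLab's or CISA's code, encodes the per-branch patched releases from this article and reports whether a given installed version is still affected and which release it should move to. It assumes the version string is obtained elsewhere (for example from `GET /api/v4/version` on the instance, which returns strings like `16.3.5-ee`); the sample inventory at the bottom is constructed for illustration.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# First release of each affected minor branch that contains the fix for
# CVE-2023-7028, as listed in the advisory summarised above.
FIXED_PER_BRANCH: Dict[Tuple[int, int], Version] = {
    (16, 1): (16, 1, 6),
    (16, 2): (16, 2, 9),
    (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5),
    (16, 5): (16, 5, 6),
    (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}

# The bug was introduced in 16.1.0; anything older is not affected.
FIRST_AFFECTED: Version = (16, 1, 0)

# Accepts '16.3.5', '16.3.5-ee', 'v16.7.2' and similar; trailing edition
# suffixes are ignored because the fix status does not depend on them.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract (major, minor, patch) from a GitLab version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def fixed_version_for(version: Version) -> Optional[Version]:
    """Return the patched release for this version's minor branch, or None
    if the branch is not in the affected range (older than 16.1 or newer
    than 16.7, where every release already contains the fix)."""
    if version < FIRST_AFFECTED:
        return None
    return FIXED_PER_BRANCH.get(version[:2])


def is_vulnerable(text: str) -> bool:
    """True if the installed version is below the patched release of its branch."""
    version = parse_version(text)
    fixed = fixed_version_for(version)
    return fixed is not None and version < fixed


def recommended_upgrade(text: str) -> Optional[str]:
    """The minimum release to upgrade to, or None if already patched."""
    version = parse_version(text)
    fixed = fixed_version_for(version)
    if fixed is None or version >= fixed:
        return None
    return ".".join(str(x) for x in fixed)


if __name__ == "__main__":
    # Constructed inventory for illustration, not real hosts.
    inventory = {
        "git-prod-01": "16.3.5-ee",
        "git-dev-02": "16.7.2-ce",
        "git-legacy": "16.0.8-ee",
        "git-new": "16.9.1-ee",
    }
    for host, ver in inventory.items():
        target = recommended_upgrade(ver)
        status = f"VULNERABLE, upgrade to {target}" if target else "patched / not affected"
        print(f"{host:12} {ver:10} {status}")
```

Note that the check only reasons about the minor branch; it does not treat 16.5.6 as "newer" than 16.3.5 for the purpose of deciding whether 16.3.5 is safe, which is the mistake a naive "is it at least 16.5.6?" comparison makes.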
Due to the active exploitation of this vulnerability, U.S. federal agencies are required to install the latest GitLab patches by May 22, 2024, to ensure the security of their networks. CISA has not yet provided additional details about the methods of exploitation in real attacks but emphasizes the urgency of addressing this threat.