Rewterz Threat Advisory – CVE-2022-25644 – Node.js get-process-by-name module Vulnerability

August 31, 2022

Rewterz Threat Alert – Remcos RAT – Active IOCs

September 1, 2022

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

August 31, 2022

Severity

High

Analysis Summary

CVE-2022-3031 CVSS:3.7
GitLab Community and Enterprise Edition could allow a remote attacker to obtain sensitive information, caused by a flaw in the 2FA feature. By utilize brute force attack techniques, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system.

CVE-2022-2992 CVSS:9.9
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the Import from GitHub API endpoint. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2022-2931 CVSS:4.3
GitLab Community and Enterprise Edition is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Commit message field. By sending a specially-crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a high CPU usage, and results in a denial of service condition.

CVE-2022-2908 CVSS:4.3
GitLab Community and Enterprise Edition are vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-2907 CVSS:4.3
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the LivePreview feature. By using a specially-crafted link, an attacker could exploit this vulnerability to obtain repository content information, and use this information to launch further attacks against the affected system.

CVE-2022-2865 CVSS:7.3
GitLab Community and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the setting the labels colour feature. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-2630 CVSS:4.3
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information in incident timeline events, and use this information to launch further attacks against the affected system.

CVE-2022-2592 CVSS:5.7
GitLab Community and Enterprise Edition are vulnerable to a denial of service, caused by improper length validation in Snippets. By sending a specially-crafted request to create a maliciously large Snippet, a remote authenticated attacker could exploit this vulnerability to cause excessive load on the server, and results in a denial of service condition.

CVE-2022-2533 CVSS:6.5
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation with some Package Registries when IP address restrictions were configured. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass Group IP allow-list settings.

CVE-2022-2527 CVSS:7.3
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject arbitrary content to the incidents timeline description.

CVE-2022-2455 CVSS:6.5
GitLab Community and Enterprise Edition are vulnerable to a denial of service, caused by a business logic flaw in the handling of large repositories. By sending a specially-crafted request using Gitaly.GetTreeEntries calls, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Impact

Information Disclosure
Command Execution
Denial of Service
Cross-Site Scripting

Indicators Of Compromise

CVE

CVE-2022-3031
CVE-2022-2992
CVE-2022-2931
CVE-2022-2908
CVE-2022-2907
CVE-2022-2865
CVE-2022-2630
CVE-2022-2592
CVE-2022-2533
CVE-2022-2527
CVE-2022-2455

Affected Vendors

GitLab

Affected Products

GitLab Enterprise Edition 15.1
GitLab Community Edition 15.1
GitLab Community Edition 15.2
GitLab Enterprise Edition 15.2
GitLab Enterprise Edition 15.3
GitLab Community Edition 15.3

Remediation

Refer to GitLab Website for patch, upgrade or suggested workaround information.
GitLab Website

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us