Once the jpg file is uploaded, it is passed to ExifTool to remove any non-whitelisted tags.Unfortunately, a combination of special characters can trick the validation and allows the malicious code to be executed. How is it performed ?Īny registered user who can access and create a Snippet can perform this exploit by attaching a corrupted “jpg” file into it. Usually RCEs are possible due to downloaded malware but in our case this was due to a lack of checks and validations in the gitlab source code and Exiftool (Ed: Exiftool is a software to manipulate metadata onto several types of files). For now, it seems that this breach was used to exploit server resources to mine some crypto with the trendy xmrig but who knows what else has been done. And in short, your server and data reachable through user Git are compromised and who knows what kind of malware or software have been installed and run.
Once done, this malicious fellow will be allowed to execute any codes and access any files on your server that the user git can. And if you let any netsurfer to register to your gitlab. Indeed, an RCE, for Remote Code Execution, can be currently performed on gitlab by any registered user. Lately, the latter has seen some exploits being done. Nowadays, companies and developers are fond of the managing and controlling versioning tools from the git family such as Github and Gitlab.
0 kommentar(er)
