Gitlab exiftool rce4/15/2023 ![]() Usually RCEs are possible due to downloaded malware but in our case this was due to a lack of checks and validations in the gitlab source code and Exiftool (Ed: Exiftool is a software to manipulate metadata onto several types of files). For now, it seems that this breach was used to exploit server resources to mine some crypto with the trendy xmrig but who knows what else has been done. And in short, your server and data reachable through user Git are compromised and who knows what kind of malware or software have been installed and run. Once done, this malicious fellow will be allowed to execute any codes and access any files on your server that the user git can. And if you let any netsurfer to register to your gitlab. Indeed, an RCE, for Remote Code Execution, can be currently performed on gitlab by any registered user. Lately, the latter has seen some exploits being done. ![]() Nowadays, companies and developers are fond of the managing and controlling versioning tools from the git family such as Github and Gitlab.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |