High-Severity GitLab Flaw Exposes Users to Complete Account Takeovers

GitLab recently patched a high-severity flaw that could let threat actors take over user accounts by weaponizing it in cross-site scripting (XSS) attacks.

The vulnerability, tracked as CVE-2024-4835, is an XSS flaw in GitLab’s VS code editor, potentially enabling threat actors to steal restricted information through malicious pages.

GitLab Vulnerability Flagged as Highly Severe

The vulnerability is currently flagged as highly severe, but has yet to receive an official CVSS severity rating. According to its description page, the flaw affects GitLab versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1.

“By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information,” reads the description.

Although threat actors could exploit this shortcoming without authentication, the attack would still require some user interaction, making it more complex.

GitLab Addressed the Issue by Rolling Out Patches

After learning of the situation, GitLab addressed the issue by rolling out patched versions of GitLab Community (CE) and Enterprise (EE) Editions.

"Today, we are releasing versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community Edition (CE) and Enterprise Edition (EE)," reads GitLab’s patch release note. "These versions contain important bug and security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately."

Software Development Platform Accounts Frequently Targeted

Threat actors frequently aim to hijack accounts on software development platforms like GitLab and GitHub. Control of these accounts can facilitate further malicious activities, including supply chain attacks that might compromise entire repositories and affect all users frequently interacting with them.

Last month, a vulnerability was discovered on GitHub, allowing threat actors to host and distribute malware through the platform’s content delivery network (CDN). The issue was also found to affect GitLab.

Protecting Against Malware from Compromised Repositories

Hijacked accounts on development platforms are often hard to spot, exposing users to inadvertently downloading malware-ridden programs, patches or code. Dedicated security software like Bitdefender Ultimate Security can help you dodge rogue downloads from compromised repositories.

It encompasses advanced security features, including comprehensive monitoring and protection against intrusions such as viruses, worms, Trojans, zero-day exploits, ransomware, and spyware, a network threat prevention module, and behavioral detection technology that takes instant action upon detecting suspicious activity in apps.