This means that the newly created user is automatically logged on without any further steps. This was possible because this version of GitLab CE allows user registration by default.įurthermore, the email address provided during registration isn’t verified by default. Another GitLab vulnerability actively exploited in the wildĪccording to HN Security, two suspicious user accounts with admin rights were found on the Internet-exposed GitLab CE server.Īpparently, these two users were registered between June and July 2021, with random-looking usernames. In this everchanging online world, keeping your sensitive data secured is getting increasingly difficult and we’re here to tell you about another vulnerability that’s actively being exploited in the wild. It seems that no matter at what lengths companies are willing to go to secure their products, attackers are always one step ahead and find ingenious ways to bypass all protection. Home › News › Attackers can remotely execute OS commands by exploiting this GitLab vulnerability
0 kommentar(er)
