Reference: Advisory #2024-05
Version: 1.0
Affected software: GitLab Community Edition (CE) and Enterprise Edition (EE)
Type: Account Takeover
CVE/CVSS:
CVE-2023-7028: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)
CVE-2023-5356: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
GitLab Security Release - https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
GitLab has patched multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). Successful exploitation of these vulnerabilities could allow an attacker to take over accounts in GitLab or to execute slash commands as another user. Compromised accounts could lead to sensitive information leaking or be used as a pivot into your organization's network. This poses a significant threat to the Confidentiality, Integrity, and Availability (CIA) triad of information security.
CVE-2023-7028: Account Takeover
A malicious attacker could abuse this vulnerability to reset the password of any account in GitLab without user interaction. Users with 2FA enabled could have their password reset but would still be protected by the second authentication factor. This vulnerability does not affect users who authenticate through an SSO solution such as Azure AD or Okta.
CVE-2023-5356: Execute slash commands as another user
An incorrect authorization check allows an attacker to abuse Slack/Mattermost integrations to execute slash commands as another user.
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
The issues have been addressed in the GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
The security fix for CVE-2023-7028 has also been backported to GitLab versions 16.1.6, 16.2.9, 16.3.7, and 16.4.5, in addition to 16.5.6, 16.6.4, and 16.7.2.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
 
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.
GitLab has shared, in the security release linked above, methods to review possible attempts to compromise your GitLab instance using CVE-2023-7028.
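As an added illustration of that review (this script is not GitLab's or the CCB's own code), the following Python scans JSON request-log lines for password-reset requests whose e-mail parameter carries more than one address, which is the pattern GitLab's guidance for CVE-2023-7028 describes. The field names used here (method, path, remote_ip, and params as a list of key/value objects with the reset form posted as user[email]) and the sample log lines are assumptions constructed for this example; compare them against a real line from your own gitlab-rails/production_json.log before relying on the result.

```python
import json
from typing import Any, Dict, Iterable, List

# Constructed sample of a GitLab JSON request log (one JSON object per line).
# The layout of "params" as [{"key": ..., "value": ...}] with the reset form
# posted as user[email] is an assumption; adjust to match your real log.
SAMPLE_LOG = "\n".join([
    # Ordinary reset request: a single address as a plain string.
    json.dumps({"method": "POST", "path": "/users/password", "status": 302,
                "time": "2024-01-12T08:01:10.000Z", "remote_ip": "203.0.113.10",
                "params": [{"key": "user", "value": {"email": "alice@example.com"}}]}),
    # Unrelated request on another path: must be ignored.
    json.dumps({"method": "GET", "path": "/users/sign_in", "status": 200,
                "time": "2024-01-12T08:02:00.000Z", "remote_ip": "203.0.113.11",
                "params": []}),
    # Reset request whose e-mail parameter is an array with more than one
    # address: the pattern GitLab's guidance flags for CVE-2023-7028.
    json.dumps({"method": "POST", "path": "/users/password", "status": 302,
                "time": "2024-01-12T08:03:30.000Z", "remote_ip": "198.51.100.7",
                "params": [{"key": "user",
                            "value": {"email": ["victim@example.com", "attacker@example.net"]}}]}),
    # An array holding a single address is not the multi-address pattern.
    json.dumps({"method": "POST", "path": "/users/password", "status": 302,
                "time": "2024-01-12T08:04:00.000Z", "remote_ip": "203.0.113.12",
                "params": [{"key": "user", "value": {"email": ["bob@example.com"]}}]}),
    # Malformed line, as real logs sometimes contain; it is skipped.
    "this line is not JSON",
])


def reset_emails(entry: Dict[str, Any]) -> List[str]:
    """Return the address(es) submitted as user[email], always as a list."""
    for param in entry.get("params", []):
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            email = param["value"].get("email")
            if isinstance(email, list):
                return [str(e) for e in email]
            if isinstance(email, str):
                return [email]
    return []


def is_suspicious_reset(entry: Dict[str, Any]) -> bool:
    """True for a POST to /users/password carrying more than one e-mail address."""
    return (entry.get("method") == "POST"
            and entry.get("path") == "/users/password"
            and len(reset_emails(entry)) > 1)


def scan_log(lines: Iterable[str]) -> List[Dict[str, Any]]:
    """Walk log lines and collect the suspicious reset requests found."""
    findings: List[Dict[str, Any]] = []
    for lineno, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON record; skip rather than abort the review
        if is_suspicious_reset(entry):
            findings.append({
                "line": lineno,
                "time": entry.get("time"),
                "remote_ip": entry.get("remote_ip"),
                "emails": reset_emails(entry),
            })
    return findings


if __name__ == "__main__":
    # Review the constructed sample; point this at the real log file on an instance.
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {hit['line']}: {hit['time']} from {hit['remote_ip']} "
              f"reset for {hit['emails']}")
```

A hit means a reset request carrying several addresses reached the instance; it should be correlated with the audit log, the accounts named, and any password changes or new credentials created afterwards, since a patched instance does not undo a takeover that already happened.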
Mitre - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5356
Mitre - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7028