critical

Remote Code Execution via GitHub Import

Published Wed, Aug 17th, 2022
Platforms

Summary

A critical vulnerability in GitLab's GitHub import feature allows remote code execution. The issue stems from improper handling of Sawyer::Resource objects (the response objects the Octokit GitHub client hands back to the importer): attacker-influenced import data can be used to inject Redis commands. This can be escalated to execute arbitrary bash commands on GitLab.com (the SaaS managed service) as well as on self-hosted GitLab servers, potentially leading to full system compromise.

Affected Services

GitLab Import

Remediation

No action is required for the SaaS service (GitLab.com, already patched); self-hosted GitLab instances need to be updated to version 15.3.1 or later.

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Tue, Aug 16th, 2022
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
Monitor Redis for unexpected commands or client connections, especially commands that reference the system_hook_push queue or PagesWorker jobs. Also check for unusual outbound network connections or file-system changes on GitLab servers (in particular the nodes running Sidekiq).
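The detection guidance above can be turned into a triage script over Redis MONITOR output. The following is an added example (not code from the advisory, from GitLab or from the reporter): it parses lines in the format emitted by `redis-cli MONITOR`, flags commands from clients outside an allowlist, flags commands whose arguments mention system_hook_push or PagesWorker, and, as a generic Redis-injection indicator that is not specific to this bug, flags arguments carrying raw CR/LF. The allowlist addresses and the sample MONITOR lines are constructed for the demonstration.

```python
"""Heuristic triage of Redis MONITOR output for the GitLab GitHub-import RCE.

Added example, not from the advisory or from GitLab. Input lines follow the
`redis-cli MONITOR` format:

    <unix-ts> [<db> <ip>:<port>] "CMD" "arg1" "arg2" ...
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<rest>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
_ESCAPES = {"n": "\n", "r": "\r", "t": "\t", '"': '"', "\\": "\\"}

# Names the advisory singles out as worth watching in Redis traffic.
SUSPICIOUS_TOKENS = ("system_hook_push", "PagesWorker")

# Constructed allowlist (assumption): hosts expected to talk to this Redis.
EXPECTED_CLIENTS: Set[str] = {"10.0.0.5", "10.0.0.6"}

# Constructed sample MONITOR capture: two normal application nodes, one
# unknown client pushing to the system_hook_push queue, one value with CR/LF.
SAMPLE_MONITOR = [
    r'1660693200.100000 [0 10.0.0.5:43210] "LPUSH" "queue:default" "{\"class\":\"PagesWorker\",\"args\":[42]}"',
    r'1660693200.200000 [0 10.0.0.5:43210] "GET" "cache:gitlab:session:abc"',
    r'1660693201.300000 [0 10.0.0.6:43211] "SET" "cache:gitlab:import:x" "ok"',
    r'1660693202.400000 [0 192.168.7.9:50000] "LPUSH" "queue:system_hook_push" "{\"class\":\"SystemHookPushWorker\",\"args\":[1]}"',
    r'1660693203.500000 [0 10.0.0.5:43212] "SET" "cache:gitlab:import:y" "a\r\nLPUSH queue:default x"',
    r'OK',
]


@dataclass
class Finding:
    timestamp: float
    client: str
    command: str
    reason: str


def _unescape(s: str) -> str:
    """Undo MONITOR's escaping (\\n, \\r, \\t, \\", \\\\ and \\xNN)."""
    def repl(m):
        tok = m.group(1)
        if tok.startswith("x"):
            return chr(int(tok[1:], 16))
        return _ESCAPES.get(tok, tok)
    return re.sub(r"\\(x[0-9a-fA-F]{2}|.)", repl, s)


def parse_monitor_line(line: str) -> Optional[Tuple[float, str, List[str]]]:
    """Return (timestamp, client, [cmd, args...]); None for non-MONITOR lines such as 'OK'."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    args = [_unescape(a) for a in ARG_RE.findall(m.group("rest"))]
    return float(m.group("ts")), m.group("client"), args


def analyze(lines: Iterable[str], expected_clients: Set[str] = EXPECTED_CLIENTS) -> List[Finding]:
    """Run the three heuristics over a MONITOR capture and return the findings in order."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None or not parsed[2]:
            continue
        ts, client, args = parsed
        cmd = args[0].upper()
        ip = client.rsplit(":", 1)[0]
        # 1. Connection from a host that should not be talking to Redis at all.
        if ip not in expected_clients:
            findings.append(Finding(ts, client, cmd, "command from unexpected client"))
        # 2. Command touching the queue/worker names the advisory calls out.
        hits = [t for t in SUSPICIOUS_TOKENS if any(t in a for a in args[1:])]
        if hits:
            findings.append(Finding(ts, client, cmd, "references " + ", ".join(hits)))
        # 3. Generic injection indicator: protocol line breaks inside an argument.
        if any("\r" in a or "\n" in a for a in args[1:]):
            findings.append(Finding(ts, client, cmd, "argument contains raw CR/LF"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_MONITOR):
        print(f"{f.timestamp:.6f} {f.client:<20} {f.command:<6} {f.reason}")
```

On the constructed capture the script reports four findings: the PagesWorker job from an application node (worth correlating with an in-progress GitHub import), the unknown 192.168.7.9 client and its push to system_hook_push, and the SET whose value carries CR/LF. In production, feed it the output of `redis-cli MONITOR` (or a log of it) and tune EXPECTED_CLIENTS to the real application and Sidekiq nodes; MONITOR itself is costly on a busy instance, so run it for short windows.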
Piercing Index Rating
-
Discovered by
yvvdwf