Specifically, “HandleFileUploads” in “uploads.go” is called from a couple of PreAuthorizeHandler contexts, allowing the “HandleFileUploads” logic, which calls down to “rewrite.go” and “exif.go”, to execute before authentication. Unauthenticated and remote users have been and still are able to reach execution of ExifTool via GitLab. The confusion around the privilege required to exploit this vulnerability is strange. A remote attacker could execute arbitrary commands as the git user due to ExifTool’s mishandling of DjVu files. The GitLab vulnerability being tracked as CVE-2021-22205 was the result of passing user-provided images to the service’s embedded version of ExifTool. The vulnerability, which was first discovered in April 2021, was first described as an authenticated remote code execution (RCE) vulnerability but has since been elevated to an unauthenticated vulnerability. A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited.
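Because the upload path above hands user-provided files to ExifTool, one defensive control is to allowlist uploads by content before any metadata tool runs. The following is an added example, not GitLab's code: `Sniff` and `AllowMetadataTool` are hypothetical names, the allowlist of JPEG and TIFF is an assumption, and the sample headers are constructed.

```go
package main

import (
	"bytes"
	"fmt"
)

// Kind is a file type inferred from leading bytes, never from name or Content-Type.
type Kind string

const (
	JPEG    Kind = "jpeg"
	TIFF    Kind = "tiff"
	DjVu    Kind = "djvu"
	Unknown Kind = "unknown"
)

// Sniff classifies an upload by its magic bytes.
func Sniff(head []byte) Kind {
	switch {
	case bytes.HasPrefix(head, []byte{0xFF, 0xD8, 0xFF}):
		return JPEG
	case bytes.HasPrefix(head, []byte("II*\x00")), bytes.HasPrefix(head, []byte("MM\x00*")):
		return TIFF
	case len(head) >= 16 && bytes.HasPrefix(head, []byte("AT&TFORM")) &&
		(string(head[12:16]) == "DJVU" || string(head[12:16]) == "DJVM"):
		return DjVu
	}
	return Unknown
}

// AllowMetadataTool (hypothetical helper) permits only JPEG/TIFF content to
// reach the metadata tool; everything else is refused with a loggable reason.
func AllowMetadataTool(filename string, head []byte) (bool, string) {
	if k := Sniff(head); k != JPEG && k != TIFF {
		return false, fmt.Sprintf("refused %q: content sniffed as %s", filename, k)
	}
	return true, ""
}

func main() {
	// Constructed sample headers, not real uploads.
	djvu := append([]byte("AT&TFORM\x00\x00\x00\x20"), "DJVUINFO"...)
	for _, s := range []struct {
		name string
		head []byte
	}{{"photo.jpg", []byte{0xFF, 0xD8, 0xFF, 0xE0}}, {"avatar.jpg", djvu}, {"notes.jpg", []byte("hello")}} {
		ok, why := AllowMetadataTool(s.name, s.head)
		fmt.Println(s.name, ok, why)
	}
}
```

The refusal reason names the sniffed type, so a DjVu body arriving under an image filename shows up in logs as a distinct event worth alerting on.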