• Home
  • |
  • Blog
  • |
  • How To Fix CVE-2021-22205, Unauthenticated RCE Vulnerability In GitLab
How to Fix CVE-2021-22205, Unauthenticated RCE Vulnerability in GitLab

On Nov 1, Rapid7 published a detailed report about the exploitation of a patched vulnerability in GitLab. Let’s see how to fix CVE-2021-22205, an unauthenticated (RCE) remote code execution vulnerability in GitLab.

Summary of CVE-2021-22205

“GitLab described the issue as an authenticated vulnerability that was the result of passing user-provided images to the service’s embedded version of ExifTool. A remote attacker could execute arbitrary commands as the git user due to ExifTool’s mishandling of DjVu files, an issue that was later assigned CVE-2021-22204.” Rapid 7 research team has shared the full technical root cause analysis of the vulnerability here

The vulnerability was initially tracked as CVE-2021-22205 and assigned a CVSSv3 score of 9.9 in Apr 14, 2021. However, later in Sep 21, 2021, the CVSS score was revised to 10.0 and made the vulnerability to unauthenticated remote code execution vulnerability from authenticated. 

Affected GitLab Versions:

According to the report, this unauthenticated RCE vulnerability CVE-2021-22205 affects all versions of GitLab (both Enterprise Edition (EE) and Community Edition (CE)) lower than v13.8.8. 

Exploit Available For CVE-2021-22205

Since the vulnerability was announced that it’s an unauthenticated REC vulnerability, an increment in the number of attacks has been seen. In support of this, there are multiple exploits published on public forums.

List of exploits available for the public:

  1. RCE on Gitlab version < 13.10.3
  2. Unredacted RCE PoC against CEIP

Note: These exploits were created only for educational/research purposes only. Use at your own risk.

 CVE-2021-22205 Patched Versions Of GitLab

According to GitLab’s April 2021 advisory, GitLab patched the CVE-2021-22205 vulnerability from these versions. GitLab also recommends updating GitLab to the latest available versions. 

  • 13.10.3
  • 13.9.6
  • 13.8.8

How To Fix CVE-2021-22205, Unauthenticated RCE Vulnerability In GitLab?

  1. Since Gitlab shipped the fix in versions 13.10.3, 13.9.6, and 13.8.8, we recommend updating your GitLab to any of the versions which are greater or equal to these versions. 
  2. Since attacks are prone to the GitLab exposed to the internet, we recommend not to host the GitLab directly to the internet. Deploy it behind the VPN gateways. or publish them on a secure platform like Citrix.

How to upgrade GitLab to the latest version?

GitLab upgradation process depends on the installation methods followed in your organization. GitLab officially supports four different way of upgradation process:

1. Linux packages (Omnibus GitLab)
2. Source installations
3. Docker installations
4. Kubernetes (Helm) installations

  1. Create back up before upgrade

    It is highly recommended to have a full up-to-date backup before you begin.

  2. Add GitLab official repositories

    1. gitlab/gitlab-ee: The full GitLab package contains all the Community Edition features plus the Enterprise Edition ones.
    2. gitlab/gitlab-ce: A stripped down package that contains only the Community Edition features.
    3. gitlab/unstable: Release candidates and other unstable versions.
    4. gitlab/nightly-builds: Nightly builds.
    5. gitlab/raspberry-pi2: Official Community Edition releases built for Raspberry Pi packages.

    You can run this command to update the latest repositories if you have GitLab installed on your server.

    $ sudo apt update

  3. Upgrade GitLab to the latest version using the official repositories

    To upgrade to the latest GitLab version:

    # Ubuntu/Debian
    $ sudo apt install gitlab-ee

    # RHEL/CentOS 6 and 7
    $ sudo yum install gitlab-ee

    # RHEL/CentOS 8
    $ sudo dnf install gitlab-ee

    # SUSE
    $ sudo zypper install gitlab-ee

    Note: For the GitLab Community Edition, replace gitlab-ee with gitlab-ce.

  4. Upgrade GitLab to a specific version

    Use these commands with version number to upgrade GitLab to a specific version.

    # Ubuntu/Debian
    $ sudo apt install gitlab-ee=<version>

    # RHEL/CentOS 6 and 7
    $ sudo yum install gitlab-ee-<version>

    # RHEL/CentOS 8
    $ sudo dnf install gitlab-ee-<version>

    # SUSE
    $ sudo zypper install gitlab-ee=<version>

  5. Upgrade GitLab using a manually-downloaded package

    After the package is downloaded, install it by using one of the following commands and replacing <package_name> with the package name you downloaded:

    # Debian/Ubuntu
    $ dpkg -i <package_name>

    # CentOS/RHEL
    $ rpm -Uvh <package_name>

    # SUSE
    $ zypper install <package_name>

See Also  How To Set Up A Raspberry Pi For The First Time?

Note: Visit this link to install self managed GitLab on your Linux distribution, docker, and cloud.

We hope this post would help you in knowing how to fix CVE-2021-22205, unauthenticated RCE vulnerability in GitLab.

Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

Read More:

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.