Thousands of GitLab instances impacted by multiple security flaws

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Multiple security vulnerabilities have been discovered by researchers in GitLab, an open-source DevOps software. Some of these ...

Continue Reading
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances

[![GitLab Self-Managed Instances](https://thehackernews.com/new-images/img/a/AVvXsEh4OrdiGnjyt32NTMBZgXDFivys2ugmsWFHG5EaBCobkzwMT661q_9DYff3u7NC4RSiBe-u24cVDAn8H4oD-uoKXeHbScjxNykkpHeOC0rs4pOb-l55P86 ...

Continue Reading
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

![CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)](https://blog.rapid7.com/content/images/2022/03/gitlab-vuln.jpg) On February 25, 2022, GitLab [published a fix]() for CVE-2021-4191, which ...

Continue Reading
RST Threat feed. IOC: internal-graphql-stable-web-jer5f6d-n-933384777.us-east-1.elb.cryptohosting.eu

Found **internal-graphql-stable-web-jer5f6d-n-933384777[.]us-eas...Read More ...

Continue Reading
RST Threat feed. IOC: graphql-server-ecs-chat-497780143.us-west-2.elb.cryptohosting.eu

Found **graphql-server-ecs-chat-497780143[.]us-west-2.elb.crypto...Read More ...

Continue Reading
RST Threat feed. IOC: graphql.magical.coffee

Found **graphql[.]magical.coffee** in [RST Threat Feed](https:/...Read More ...

Continue Reading
GitLab GraphQL API User Enumeration

This module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users (CVE-2021-4191). The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6. ...

Continue Reading
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report

![Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report](https://blog.rapid7.com/content/images/2022/03/vuln-intel-report.jpg) Every year, our research team at Rapid7 analyz ...

Continue Reading

Back to Main

Subscribe for the latest news: