CISA Warns of a Five-Year-Old GitLab Flaw Exploited in Attacks: A Critical Security Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, urging government agencies to patch their systems immediately. The issue at hand is a five-year-old vulnerability in GitLab, a widely used DevSecOps platform, which has been actively exploited in recent attacks. This flaw, tracked as CVE-2021-39935, poses a significant risk to federal agencies and organizations across various sectors.
GitLab, the developer of the platform, addressed this server-side request forgery (SSRF) vulnerability in December 2021. The patch was released to prevent unauthorized access to the CI Lint API, which is used to simulate pipelines and validate CI/CD configurations. However, the patch has not been applied on every affected instance, leaving a window of opportunity for attackers.
The vulnerability affects GitLab Community and Enterprise Editions. The affected releases are all versions from 10.5 up to, but not including, 14.3.6; 14.4 versions before 14.4.4; and 14.5 versions before 14.5.2. CISA's Binding Operational Directive (BOD) 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies patch their systems within three weeks, by February 24, 2026, to mitigate the threat.
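The version ranges above are the practical input for an inventory check. The following script is an added example, not GitLab's or CISA's own tooling: it parses GitLab version strings (as returned, for instance, by the real `GET /api/v4/version` endpoint, which the script does not call), decides whether each falls inside one of the three affected ranges, and names the lowest patched release in that range. The host inventory is constructed for illustration; the `triage` helper and its host names are assumptions made for this example.

```python
"""Triage GitLab instances against the CVE-2021-39935 affected ranges.

Added example: the ranges come from the advisory text; the inventory below is
constructed sample data, not real hosts.
"""
from __future__ import annotations

# Affected ranges from the advisory, expressed as half-open [lower, upper)
# (major, minor, patch) tuples. The upper bound is the first fixed release.
AFFECTED_RANGES: tuple[tuple[tuple[int, int, int], tuple[int, int, int]], ...] = (
    ((10, 5, 0), (14, 3, 6)),   # 10.5 <= v < 14.3.6
    ((14, 4, 0), (14, 4, 4)),   # 14.4 <= v < 14.4.4
    ((14, 5, 0), (14, 5, 2)),   # 14.5 <= v < 14.5.2
)


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn strings such as '14.3.5-ee', '14.4' or '13.12.0' into a comparable
    (major, minor, patch) tuple. Edition suffixes ('-ee', '-ce') and
    pre-release tags after '-' are dropped; missing components default to 0."""
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool:
    """True if the version lies inside any affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str) -> str | None:
    """Lowest patched release for the range the version falls in, or None
    if the version is not affected (already patched, or older than 10.5)."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def triage(inventory: dict[str, str]) -> dict[str, str | None]:
    """Map each host to the release it must be upgraded to, or None if it is
    not affected. Unparseable versions are reported as 'unknown' so they are
    not silently treated as safe."""
    report: dict[str, str | None] = {}
    for host, version in inventory.items():
        try:
            report[host] = fixed_version_for(version)
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY: dict[str, str] = {
    "gitlab-a.example.internal": "14.3.5-ee",   # affected, needs 14.3.6
    "gitlab-b.example.internal": "14.4.4-ee",   # patched
    "gitlab-c.example.internal": "13.12.15-ce", # affected, needs 14.3.6
    "gitlab-d.example.internal": "14.5.1",      # affected, needs 14.5.2
    "gitlab-e.example.internal": "10.4.9",      # predates the affected range
    "gitlab-f.example.internal": "n/a",         # version not retrievable
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        status = "not affected" if action is None else f"upgrade to {action}"
        print(f"{host}: {status}")
```

The half-open ranges matter: `14.3.6`, `14.4.4` and `14.5.2` are the fixed releases and must compare as not affected, while `10.5` (the first affected release) must compare as affected. A version that cannot be parsed is deliberately reported as `unknown` rather than as safe, which is the failure mode an inventory script should surface rather than hide.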
CISA emphasizes the urgency of the situation, stating that these vulnerabilities are frequent targets for malicious cyber actors. It urges all organizations, including private sector entities, to prioritize securing their devices against ongoing CVE-2021-39935 attacks. Organizations are advised to follow vendor instructions, apply mitigations, and consider discontinuing the use of the product if necessary.
Shodan, a cybersecurity search platform, has identified over 49,000 devices with a GitLab fingerprint exposed online, a significant share of them in China. Nearly 27,000 of these devices listen on the default HTTPS port 443, making them even easier for potential attackers to reach.
GitLab's popularity is evident, with over 30 million registered users and adoption by more than 50% of Fortune 100 organizations. High-profile companies like Nvidia, Airbus, Goldman Sachs, T-Mobile, and Lockheed Martin rely on GitLab's DevSecOps platform for their development and operations.
In addition to the GitLab alert, CISA has also flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited, further highlighting the ongoing threat landscape. The agency's proactive approach to cybersecurity is crucial in safeguarding critical infrastructure and sensitive data.
The future of IT infrastructure is rapidly evolving, and organizations must stay vigilant to protect their systems from emerging threats. By addressing vulnerabilities promptly and implementing robust security measures, businesses can ensure the resilience and security of their digital assets.