GitLab released a patch, along with a notification, for vulnerability CVE-2023-7028 at the beginning of this year. However, many servers have not been updated, which puts them at risk of being compromised. A report from The Shadow Server Foundation shows that a significant number of vulnerable servers in the United States, Russia, Germany, and China are still reachable from the internet. In Thailand, the number is relatively low, with only 27 machines.
Organizations that use GitLab generally have fairly complex development projects, so vulnerable servers left exposed may be particularly enticing to hackers. Nevertheless, this vulnerability only affects servers that do not enforce two-factor login authentication. Some servers may have been configured to minimize the impact, but they are still found to be running vulnerable versions.
TLDR: GitLab has released a patch for a vulnerability, but many servers are still at risk due to not being updated. The issue affects servers without two-factor login authentication.