CISA Warns of a Five-Year-Old GitLab Flaw Exploited in Attacks: A Critical Security Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, urging government agencies to patch their systems immediately. The vulnerability in question is a five-year-old flaw in GitLab, a popular software development platform, that has been actively exploited in recent attacks.
The flaw, a Server-Side Request Forgery (SSRF) vulnerability, was patched by GitLab in December 2021, but CISA has found that it is still being actively targeted by malicious actors. It affects GitLab Community and Enterprise Editions from version 10.5 up to but not including 14.3.6, as well as 14.4 before 14.4.4 and 14.5 before 14.5.2.
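A defender-side triage check for the affected version ranges quoted above, added here as an example that is not from CISA, GitLab or the article; the inventory host names and version strings are constructed, and the `-ee`/`-ce` suffix handling is an assumption about how self-managed instances report their version.

```python
"""Flag GitLab instances whose version falls inside the CVE-2021-39935 affected ranges.

Ranges as stated in the advisory text: 10.5 <= v < 14.3.6, 14.4.0 <= v < 14.4.4,
14.5.0 <= v < 14.5.2.  Each range is half-open: the upper bound is the first fixed release.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) pairs, compared as (major, minor, patch) tuples.
AFFECTED_RANGES = [
    ((10, 5, 0), (14, 3, 6)),
    ((14, 4, 0), (14, 4, 4)),
    ((14, 5, 0), (14, 5, 2)),
]

# Accepts "14.3.5", "v14.4" (patch defaults to 0) and an optional "-ee"/"-ce" suffix (assumed format).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(?:ee|ce))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Version:
    """Parse a GitLab version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def is_affected(text: str) -> bool:
    """True if the version lies in any affected range (fixed releases are excluded)."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted host names whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory; not real hosts.
SAMPLE_INVENTORY = {
    "git-a.example.test": "14.3.5-ee",  # affected: below the 14.3.6 fix
    "git-b.example.test": "14.3.6",     # fixed release, not affected
    "git-c.example.test": "14.4.3",     # affected
    "git-d.example.test": "14.5.2",     # fixed release, not affected
    "git-e.example.test": "13.12.0",    # affected: inside 10.5 <= v < 14.3.6
    "git-f.example.test": "10.4.9",     # older than the first affected release
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is within the CVE-2021-39935 affected ranges")
```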
CISA's alert highlights the severity of the issue, stating that unauthorized external users could perform server-side requests via the CI Lint API. This API is used for simulating pipelines and validating CI/CD configurations, making it a critical component of the platform's functionality.
In response to this threat, CISA has added the flaw to its list of known exploited vulnerabilities and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their systems within three weeks, by February 24, 2026. This directive is part of Binding Operational Directive (BOD) 22-01, which emphasizes the urgency of addressing this vulnerability.
CISA strongly recommends that all organizations, not just federal agencies, prioritize securing their devices against ongoing CVE-2021-39935 attacks. The agency warns that these types of vulnerabilities are frequent targets for malicious cyber actors and pose significant risks to the federal enterprise.
To mitigate the risk, CISA advises applying vendor-provided instructions, following applicable BOD 22-01 guidance for cloud services, or discontinuing the use of the product if mitigations are unavailable. This proactive approach is crucial to prevent potential data breaches and system compromises.
Shodan, a cybersecurity research platform, has identified over 49,000 devices with a GitLab fingerprint exposed online, with the majority located in China. Nearly 27,000 of these devices are using the default port 443, which could make them more susceptible to exploitation.
GitLab's DevSecOps platform is widely used, with more than 30 million registered users and over 50% of Fortune 100 organizations relying on it. High-profile companies like Nvidia, Airbus, Goldman Sachs, T-Mobile, and Lockheed Martin are among its users.
In addition to the GitLab alert, CISA has also flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited, ordering government agencies to patch their systems within three days. This rapid response to emerging threats underscores the importance of proactive cybersecurity measures.
As IT infrastructure continues to evolve, organizations must stay vigilant and adapt to new security challenges. The future of IT infrastructure is here, and it demands a proactive approach to security to protect sensitive data and systems from potential threats.