An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files passed to a file parser, which resulted in remote command execution.

Vulnerable product: GitLab CE/EE < 13.8.8, < 13.9.6, < 13.10.3 (each release branch received its own fix)

https://github.com/Al1ex/CVE-2021-22205

If you find a GitLab instance, try to log in as root or admin with these default credentials:

root : 5iveL!fe and admin : 5iveL!fe

You can find instances with #shodan: org:"Target" http.title:"GitLab"

Reference: doc/set-up-gdk.md (commit c82f5c4ba003d395d5d59c925c8931a0b9491b20) in GitLab.org / GitLab Development Kit

Check a list of subdomains for an exposed .git/config:

httpx -l subs.txt -path /.git/config --status-code --silent

GitLab 14.9

https://www.exploit-db.com/exploits/50888

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.

Exploit: new GitLab accounts registered through an OmniAuth provider (created since the first affected version, on an instance that has not yet been upgraded to the patched version) can be logged into with the following password:

123qweQWE!@#000000000

CVE-2022-2884

https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/

Fixed in #GitLab 15.3.1, 15.2.3 and 15.1.5 for Community Edition (CE) and Enterprise Edition (EE)
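For triaging an inventory of GitLab instances against the three advisories above, the following is an added example (not from any of the linked sources) that applies the fixed versions exactly as listed on this page. It assumes the usual backport semantics: a version is unpatched if it is below the fix within its own release branch, or older than the oldest branch that received a fix; the first affected version for CVE-2022-2884 is not given on this page, so that lower bound is left open.

```python
"""Version-range triage for the GitLab advisories listed on this page (added example)."""
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(s: str) -> Version:
    """Parse 'X.Y.Z' (an optional '-ee'/'-ce' suffix is ignored) into a comparable tuple."""
    core = s.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:  # tolerate 'X.Y' by treating it as 'X.Y.0'
        parts.append(0)
    return parts[0], parts[1], parts[2]


# Fixed versions as stated on this page; first_affected only where the page gives one.
ADVISORIES = {
    "CVE-2021-22205 (image parser RCE)": {"first_affected": "11.9.0",
                                          "fixed": ["13.8.8", "13.9.6", "13.10.3"]},
    "OmniAuth hardcoded password": {"first_affected": "14.7.0",
                                    "fixed": ["14.7.7", "14.8.5", "14.9.2"]},
    "CVE-2022-2884": {"first_affected": None,  # lower bound not given on this page
                      "fixed": ["15.1.5", "15.2.3", "15.3.1"]},
}


def is_vulnerable(version: str, first_affected: Optional[str], fixed: List[str]) -> bool:
    """True when `version` predates the fix for its branch, or predates every fixed branch."""
    v = parse_version(version)
    if first_affected and v < parse_version(first_affected):
        return False  # older than the first affected release: code path not present
    fixes = sorted(parse_version(f) for f in fixed)
    for fx in fixes:
        if v[:2] == fx[:2]:  # same release branch: compare the patch level only
            return v[2] < fx[2]
    # Older than the oldest fixed branch: never received a backport.
    # Newer than the newest fixed branch: already carries the fix.
    return v[:2] < fixes[0][:2]


def check_instance(version: str) -> List[str]:
    """Return the names of the page's advisories that apply to an instance at `version`."""
    return [name for name, adv in ADVISORIES.items()
            if is_vulnerable(version, adv["first_affected"], adv["fixed"])]


if __name__ == "__main__":
    for ver in ("13.9.5-ee", "13.11.0", "14.9.1", "15.3.1"):  # constructed sample inventory
        print(ver, "->", check_instance(ver) or "no listed advisory applies")
```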