
Critical Vulnerabilities in Linux and GitLab


In today’s fast-paced cybersecurity landscape, vulnerabilities in popular platforms pose significant risks to organizations. Three recent threats have garnered attention: CVE-2024-9822, an authentication bypass affecting WordPress sites that use the Pedalo Connector plugin; Perfctl malware, which targets misconfigured Linux servers; and CVE-2024-9164 in GitLab Enterprise Edition (EE), which enables unauthorized pipeline execution. This article explores how each of them works, its potential consequences, and the best defense strategies.


CVE-2024-9822: Authentication Bypass in WordPress Pedalo Connector


CVE-2024-9822 allows unauthenticated attackers to bypass authentication and gain administrative access on WordPress sites using the Pedalo Connector plugin. The flaw affects plugin versions up to and including 2.0.5 and stems from missing access restrictions on the plugin’s ‘login_admin_user’ function. With a CVSS score of 9.8, this is a critical vulnerability: an attacker who obtains an administrator session can alter content, install malicious plugins, and access sensitive data.

Impact of CVE-2024-9822

Once an attacker exploits this vulnerability, they can:

  • Modify website configurations and content.
  • Install malware or unauthorized plugins.
  • Steal confidential user information.
  • Utilize the compromised site for further attacks.

This vulnerability poses a severe risk to website confidentiality, integrity, and availability.

Bornsec’s expert Vulnerability Assessment and Penetration Testing (VAPT) services can help secure your organization against evolving threats.

Mitigating CVE-2024-9822

While there is no definitive patch available yet, the following measures can mitigate the risk:

  • Update to the Latest Version: Upgrade to a newer version of the Pedalo Connector plugin if available.
  • Temporarily Disable the Plugin: If no updates exist, disabling the plugin may help prevent exploitation.
  • Strengthen Access Controls: Implement two-factor authentication (2FA) for admin accounts, and monitor login activity.
  • Conduct Regular Audits: Periodically audit administrative accounts for suspicious activity.

Perfctl Malware: Threat to Misconfigured Linux Servers


Perfctl is a highly dangerous malware family actively targeting Linux servers. It capitalizes on server misconfigurations and exploits critical vulnerabilities such as CVE-2023-33246 (Apache RocketMQ) and CVE-2021-4043 (Polkit) to infiltrate systems. Though primarily known for cryptocurrency mining, Perfctl can also act as a loader for other malware, enable proxy-jacking, and install backdoors.

How Perfctl Operates

Perfctl malware infiltrates Linux servers through two main vectors:

  1. Server Misconfigurations: Weak passwords and exposed login interfaces leave servers open to compromise; this vector alone has affected over 20,000 systems.
  2. Exploiting Critical Vulnerabilities: Perfctl exploits Apache RocketMQ (CVE-2023-33246) and Polkit (CVE-2021-4043) to gain access and escalate privileges.

Key Features of Perfctl Malware

  • Evasion Techniques: Perfctl uses rootkits to conceal its presence and pauses its resource-intensive mining whenever a user logs in, so the CPU load is not noticed.
  • Persistence: The malware alters login scripts so that it is relaunched after every reboot.
  • Malicious Utilities: It replaces crucial system tools, such as ldd and crontab, with trojanized versions.

Mitigating Perfctl Malware

To guard against Perfctl, organizations should adopt a multi-layered defense:

  • Patch Vulnerabilities: Regularly update software, particularly Apache RocketMQ (CVE-2023-33246) and Polkit (CVE-2021-4043).
  • Restrict File Execution: Mount world-writable directories such as /tmp with the noexec option so that dropped binaries cannot be executed from them.
  • Disable Unnecessary Services: Limit attack vectors by disabling unused HTTP services.
  • Advanced Security Tools: Deploy anti-malware solutions that can detect rootkits and trojanized utilities while monitoring network traffic for suspicious activity.
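Two of the mitigations above (the noexec mount and detecting trojanized utilities such as ldd and crontab) can be turned into routine host checks. The following is an added example, not code from the original article; it works on a constructed /proc/mounts sample and on temporary files, and the additional directories /dev/shm and /var/tmp are an assumption, not something the article lists.

```python
import hashlib
import os
import tempfile

# World-writable directories to check for the noexec hardening the article
# recommends. Assumption: /dev/shm and /var/tmp are treated like /tmp.
WORLD_WRITABLE = {"/tmp", "/dev/shm", "/var/tmp"}
HARDENING = {"noexec", "nosuid", "nodev"}

def audit_mounts(proc_mounts: str) -> dict:
    """Parse /proc/mounts text; return {mountpoint: [missing options]}."""
    findings = {}
    for line in proc_mounts.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mountpoint, options = parts[1], set(parts[3].split(","))
        if mountpoint in WORLD_WRITABLE and HARDENING - options:
            findings[mountpoint] = sorted(HARDENING - options)
    return findings

def sha256_file(path: str) -> str:
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def verify_baseline(baseline: dict) -> list:
    """Return paths whose current SHA-256 differs from a trusted baseline
    ({path: digest} recorded while the host was known-clean)."""
    return [p for p, digest in baseline.items()
            if not os.path.exists(p) or sha256_file(p) != digest]

# Constructed sample: /tmp lacks noexec, /dev/shm is fully hardened.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
"""

def demo_baseline() -> list:
    """Constructed scenario: 'crontab' is swapped after the baseline was taken."""
    with tempfile.TemporaryDirectory() as d:
        tools = {n: os.path.join(d, n) for n in ("ldd", "crontab")}
        for p in tools.values():
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\necho original\n")
        baseline = {p: sha256_file(p) for p in tools.values()}
        with open(tools["crontab"], "wb") as f:
            f.write(b"#!/bin/sh\necho replaced\n")  # simulated trojanized copy
        return [os.path.basename(p) for p in verify_baseline(baseline)]
```

On a real host, feed `audit_mounts` the contents of /proc/mounts and build the baseline from package-manager-verified binaries before comparing.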

CVE-2024-9164: Arbitrary Pipeline Execution in GitLab EE

What Is the Latest Vulnerability in GitLab?

CVE-2024-9164 allows unauthorized users to run pipelines on arbitrary branches of a repository in GitLab Enterprise Edition (EE). It affects versions 12.5 through 17.4.1 and carries a CVSS score of 9.6, posing significant risks to code repositories and CI/CD processes.

Impact of CVE-2024-9164

The key risks associated with this vulnerability include:

  • Unauthorized Access: Attackers can execute pipelines and access sensitive data.
  • Code Manipulation: Malicious actors may alter repositories or inject harmful code.
  • Denial of Service (DoS): Running resource-intensive pipelines could lead to system slowdowns or crashes.
  • Privilege Escalation: Exploiting this flaw can enable attackers to escalate privileges within the system.

Mitigating CVE-2024-9164

GitLab has released patches in versions 17.2.9, 17.3.5, and 17.4.2. To mitigate this vulnerability, consider the following steps:

  • Update to the Latest Version: Apply the patches as soon as possible.
  • Restrict Pipeline Permissions: Limit pipeline execution to trusted users and verified projects.
  • Monitor Pipeline Activity: Implement monitoring tools to detect unusual pipeline executions.
  • Follow GitLab Best Practices: Regularly update software, audit pipeline configurations, and restrict access to CI/CD environments.
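Applying the patches starts with knowing which instances are still exposed. The following is an added example, not code from GitLab or the original article: it classifies GitLab EE version strings against the affected range (12.5 through 17.4.1) and the patched releases named above. It assumes that minor lines newer than 17.4 already carry the fix and that older unsupported lines must move to the newest patched release, since the article lists no backports for them; the inventory is constructed.

```python
# Affected range and patched releases as stated in the article.
AFFECTED_FROM = (12, 5, 0)
FIXED_RELEASES = {(17, 2): (17, 2, 9), (17, 3): (17, 3, 5), (17, 4): (17, 4, 2)}
LATEST_FIXED_LINE = (17, 4)

def parse_version(text: str) -> tuple:
    """'17.4.1-ee' -> (17, 4, 1); a missing patch component becomes 0."""
    core = text.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])

def assess(version_text: str) -> tuple:
    """Return (vulnerable, upgrade_target) for one GitLab EE version string.

    Assumption: a minor line newer than 17.4 already includes the fix, and an
    older line with no listed backport should move to the newest patched
    release."""
    v = parse_version(version_text)
    line = v[:2]
    fixed = FIXED_RELEASES.get(line)
    if v < AFFECTED_FROM or line > LATEST_FIXED_LINE:
        return (False, None)
    if fixed is not None and v >= fixed:
        return (False, None)
    return (True, fixed if fixed is not None else max(FIXED_RELEASES.values()))

def triage(inventory: dict) -> dict:
    """{host: version string} -> {host: upgrade target} for exposed hosts."""
    return {host: target for host, (vulnerable, target) in
            ((h, assess(v)) for h, v in inventory.items()) if vulnerable}

SAMPLE_INVENTORY = {  # constructed inventory, not real hosts
    "gitlab-prod": "17.4.1-ee",
    "gitlab-stage": "17.4.2-ee",
    "gitlab-legacy": "16.11.0-ee",
    "gitlab-old": "12.4.9-ee",
}
```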

Monitor the National Vulnerability Database (NVD) to keep abreast of the latest vulnerability disclosures and best practices for mitigating risks.

Conclusion: Staying Ahead of Vulnerabilities


With emerging vulnerabilities like CVE-2024-9822, Perfctl malware, and CVE-2024-9164, proactive cybersecurity is essential. Regularly patching software, monitoring systems, and implementing strong security protocols can drastically reduce the risk of exploitation. By following industry best practices, your organization can stay ahead of these evolving threats.

Bornsec offers comprehensive solutions to help your business stay secure. Explore our services to protect against vulnerabilities and ensure compliance with industry standards.


Contact us: 080-4027 3737

Please write to us: info@bornsec.com

Visit us: https://bornsec.com/

https://bornsec.com/critical-vulnerabilities-in-linux-and-gitlab/
