GitLab shares GitHub’s vulnerability to hosting malware
42s
2
15:22, 23.04.2024
GitLab proved to be also vulnerable to GitHub’s vulnerability to posting malware with the help of URL addresses connected to Microsoft repositories.
The vulnerability is related to the comment feature, where one can attach links with a unique URL address in the following format: https://www.github.com/{project_user}/{repo_name}/files/{file_id}/{file_name}» .
The links may be generated while creating a commit comment for repositories of popular and reputable projects and then remain active even in the case the comment hasn’t been published.
The users can attach any files creating a download link for them, and cyber attackers discovered that they can use the feature for sharing malware.
The same vulnerability has been detected in GitLab CDN where links have the following format: https://gitlab.com/{project_group_namr}/{repo_name}/uploads/{file_id}/{file_name}.
Was this article helpful to you?
Yes
No
VPS popular offers
-
-21.5%€/mo€ 26 /moBilled annually
CPU2 Xeon Cores
RAM2 GB
Space75 GB SSD
Bandwidth300 GB -
-20.5%€/mo€ 95 /moBilled annually
CPU6 Xeon Cores
RAM16 GB
Space150 GB SSD
Bandwidth10 TB
-
-15%€/mo€ 176 /moBilled annually
OSCentOS
CPU10 Epyc Cores
RAM64GB
Space300 GB NVMe
SoftwareKeitaro
BandwidthUnlimited -
-9.1%€/mo€ 66 /moBilled annually
CPU4 Xeon Cores
RAM4 GB
Space100 GB SSD
BandwidthUnlimited
-
-20.6%€/mo€ 59 /moBilled annually
CPU6 Xeon Cores
RAM8GB
Space100GB SSD
Bandwidth500GB
-
-6.3%€/mo€ 111 /moBilled annually
CPU4 Xeon Cores
RAM8 GB
Space100 GB SSD
BandwidthUnlimited
-
-10.2%€/mo€ 88 /moBilled annually
OSCentOS
CPU8 Epyc Cores
RAM32 GB
Space200 GB NVMe
SoftwareKeitaro
BandwidthUnlimited
-
-8%€/mo€ 29.5 /moBilled annually
CPU4 Epyc Cores
RAM4 GB
Space50 GB NVMe
BandwidthUnlimited
-
-9.1%€/mo€ 55 /moBilled annually
CPU4 Xeon Cores
RAM4 GB
Space50 GB SSD
BandwidthUnlimited
-
-9.1%€/mo€ 165 /moBilled annually
CPU10 Xeon Cores
RAM64 GB
Space300 GB SSD
BandwidthUnlimited
