CVE-2021-22205

Vulnerability updated a month ago (2024-11-29T14:02:25.260Z)
CVE-2021-22205 is a remote code execution vulnerability in GitLab. It carries the highest possible severity rating (CVSS score: 10.0) because of its potential impact. Although the bug is now two years old and has been disclosed and patched, threat actors continue to exploit it actively. The cybercriminal group known as Gold Melody has previously been linked to attacks exploiting this flaw alongside others in JBoss Messaging, Citrix ADC, Oracle WebLogic, Citrix ShareFile Storage Zones Controller, Atlassian Confluence, ForgeRock AM, and Apache Log4j servers. In particular, CVE-2021-22205 has been weaponized for propagation together with other vulnerabilities, including one in Lilin DVR systems. The most recent reporting indicates that Gold Melody has expanded its exploit arsenal with the addition of CVE-2023-25717, which suggests the group is actively working to pull more devices into its botnet by leveraging vulnerabilities across a range of platforms. The continued exploitation of CVE-2021-22205 underscores the importance of timely patching and robust security controls to mitigate these threats.
Description last updated: 2024-05-04T20:36:53.606Z
Aliases: We are not currently tracking any aliases.