CVE-2021-22205

Vulnerability Profile Updated 2 months ago
CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues to be actively exploited by threat actors, despite the disclosure and subsequent patching efforts. The cybercriminal group known as Gold Melody has previously been linked to attacks exploiting this and other security flaws, including those in JBoss Messaging, Citrix ADC, Oracle WebLogic, Citrix ShareFile Storage Zones Controller, Atlassian Confluence, ForgeRock AM, and Apache Log4j servers. Specifically, they have weaponized CVE-2021-22205, using it for propagation alongside other vulnerabilities such as one found in Lilin DVR systems. The latest developments indicate an expansion of Gold Melody's exploit arsenal, with the addition of CVE-2023-25717. This suggests that the group is actively seeking to ensnare more devices into their botnet, leveraging a range of vulnerabilities across different platforms. The ongoing exploitation of CVE-2021-22205 underscores the importance of timely patching and robust cybersecurity measures to mitigate these threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Remote Code ...
Sysdig
Gitlab
Botnet
Malware
Confluence
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Earth Lusca | Unspecified | 1 | Earth Lusca is a threat actor, an entity responsible for executing actions with malicious intent in the cybersecurity realm. The group has recently expanded its arsenal by incorporating a new tool known as SprySOCKS Linux malware. This development poses a significant threat to Linux systems worldwid
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-25717 | Unspecified | 1 | CVE-2023-25717 is a software vulnerability, specifically a flaw in the design or implementation of the Ruckus AP remote code execution. In April 2023, FortiGuard Labs observed a unique botnet leveraging this vulnerability, utilizing the SOCKS protocol for distribution. This incident represents a sig
ProxyShell CVE-2021-34473 | Unspecified | 1 | ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra
CVE-2022-40684 | Unspecified | 1 | CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorize
CVE-2022-39952 | Unspecified | 1 | CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fo
Earth Lusca | Unspecified | 1 | None
CVE-2021-22941 | Unspecified | 1 | CVE-2021-22941 is a significant software vulnerability identified in Citrix ShareFile, which allows for remote code execution (RCE). This flaw was exploited by the threat actor group known as GOLD MELODY, also referred to as PROPHET SPIDER. The group has been linked to various attacks exploiting sec
CVE-2021-35464 | Unspecified | 1 | None
CVE-2019-19781 | Unspecified | 1 | CVE-2019-19781, also known as the Citrix Directory Traversal Bug, is a software vulnerability that lies in the design or implementation of the software. This flaw allows an attacker to potentially gain unauthorized access to sensitive data or even execute arbitrary code on the compromised system. De
CVE-2017-7504 | Unspecified | 1 | CVE-2017-7504 is a significant software vulnerability identified in the JBoss MQ Java Message Service (JMS). This flaw, rooted in software design and implementation, allows for deserialization attacks when exploited on an internet-exposed server. The vulnerability has been abused by malicious actors
CVE-2020-14750 | Unspecified | 1 | None
CVE-2020-14882 | Unspecified | 1 | None
CVE-2021-26084 | Unspecified | 1 | CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta
CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as Log4Shell, is a critical vulnerability in the Apache Log4j software library that has been widely exploited since its discovery. This flaw in software design or implementation allows for remote code execution, making it a prime target for malicious actors. Despite multip
Source Document References
Information about the CVE-2021-22205 vulnerability was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CISA | a year ago | Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors | CISA
CERT-EU | 10 months ago | GitLab vulnerability leveraged in LABRAT cryptojacking, proxyjacking operation
CERT-EU | 9 months ago | GitLab Releases Urgent Security Patches for Critical Vulnerability | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 9 months ago | Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
CERT-EU | a year ago | Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack
InfoSecurity-magazine | 10 months ago | Proxyjacking and Cryptomining Campaign Targets GitLab
Trend Micro | 9 months ago | Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Securityaffairs | 9 months ago | Earth Lusca expands its arsenal with SprySOCKS Linux malware
CERT-EU | 10 months ago | Stealthy ‘LabRat’ Campaign Abuses TryCloudflare to Hide Infrastructure
CERT-EU | 9 months ago | Hackers Deployed never-before-seen Linux Malware Attacking Government Entities