Patch management

GitLab Releases Patch to Fix Critical and High-Severity Vulnerabilities

GitLab releases fixes for vulnerabilities in patch releases. There are two types of patch releases: scheduled releases, and ad-hoc critical patches for high-severity vulnerabilities.

Summary

OEM	Gitlab
Severity	High
CVEs	CVE-2024-5655, CVE-2024-6385, CVE-2024-6678, CVE-2024-8970, CVE-2025-0194, CVE-2024-6324, CVE-2024-12431, CVE-2024-13041
Exploited in Wild	No
Patch/Remediation Available	Yes
Advisory Version	1.0

Overview

The vulnerabilities could potentially impact unauthorized access, data manipulation, and service disruption. These have been disclosed through GitLab’s HackerOne bug bounty program. Latest Versions 17.7.1, 17.6.3, and 17.5.5 are now available for immediate download and upgrade to address these issues.

Vulnerability Name	CVE ID	Product Affected	Severity
Import Functionality Vulnerabilities	CVE-2024-6385	GitLab CE/EE	Critical
Import Functionality Vulnerabilities	CVE-2024-5655	GitLab CE/EE	High
Import Functionality Vulnerabilities	CVE-2024-6678	GitLab CE/EE	High
Import Functionality Vulnerabilities	CVE-2024-8970	GitLab CE/EE	High
Access Token Exposure in Logs	CVE-2025-0194	GitLab CE/EE	Medium
Cyclic Reference of Epics Leading to DoS	CVE-2024-6324	GitLab CE/EE	Medium
Unauthorized Manipulation of Issue Status	CVE-2024-12431	GitLab CE/EE	Medium
Instance SAML Bypass	CVE-2024-13041	GitLab CE/EE	Medium

Technical Summary

This update addresses several significant vulnerabilities identified in GitLab CE/EE:

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2024-6385	GitLab CE/EE	Vulnerability in import functionality allowing potential exploitation	Allows attackers to exploit the system.
CVE-2024-5655
CVE-2024-6678
CVE-2024-8970
CVE-2025-0194	GitLab CE/EE	Possible exposure of access tokens in logs under certain conditions.	Potential unauthorized access to sensitive resources.
CVE-2024-6324	GitLab CE/EE	Cyclic references between epics could lead to resource exhaustion, causing a Denial of Service (DoS).	Service disruption due to resource exhaustion.
CVE-2024-12431	GitLab CE/EE	Unauthorized users could manipulate issue statuses in public projects, potentially disrupting workflows.	Workflow disruption and compromised data integrity.
CVE-2024-13041	GitLab CE/EE	Flaw in instance SAML configuration allowing bypass of external provider settings.	Unauthorized access to internal projects or groups.

Key Changes to Import Functionality:

Post-import mapping: This new feature allows administrators to assign imported contributions and memberships to users after the import process is complete, enhancing control and security.

Email-independent mapping: The updated mapping process no longer relies on email addresses, providing greater flexibility and security when importing from instances with different email domains.

User control: Users on the destination instance now have the power to accept or reject assigned contributions, adding another layer of security and preventing unauthorized access.

Remediation:

Upgrade GitLab Instances: All users are strongly advised to upgrade to versions 17.7.1, 17.6.3, or 17.5.5 immediately to mitigate these vulnerabilities.

Disable Importers Temporarily: Until upgrades are complete, disable importers to avoid exploitation. If import functionality is essential, enable it only during the import process and disable it afterward.

Adopt Updated Features: Leverage the new post-import mapping, email-independent mapping, and user control enhancements for increased security.

Conclusion:

The vulnerabilities addressed in this patch release highlight the importance of timely updates and proactive security measures. GitLab’s redesign of its import functionality and the prompt patch release demonstrate a commitment to user security. Upgrading to the latest patched versions and adhering to the recommended actions is critical to maintaining a secure environment.

References:

https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/

https://securityonline.info/gitlab-tackles-critical-security-flaws-in-latest-patch-release/

Image

A close-up of a warning sign

Description automatically generated

Ivanti Connect Secure VPN Actively Being Exploited in the Wild

Ivanti announced two critical vulnerabilities impacting its Connect Secure (ICS) VPN appliances: CVE-2025-0282 and CVE-2025-0283. Notably, CVE-2025-0282 has been actively exploited in the wild since mid-December 2024.

As per Ivanti threat actors have attempted to bypass detection by the ICT, Ivanti has provided examples demonstrating the differences between successful scans and unsuccessful ones on compromised devices to help users identify potential compromises.

Summary

OEM	Ivanti
Severity	Critical
CVSS	9.0
CVEs	CVE-2025-0282, CVE-2025-0283
Exploited in Wild	Yes
Patch/Remediation Available	Yes
Advisory Version	1.0

Overview

This stack-based buffer overflow flaw allows unauthenticated attackers to execute arbitrary code on affected devices. Another Vulnerability, CVE-2025-0283, could allow a local authenticated attacker to escalate privileges. Ivanti has released patches for Connect Secure and recommends immediate updates to mitigate the risk.

Vulnerability Name	CVE ID	Product Affected	Severity	Affected Version
Stack-Based Buffer Overflow Vulnerability	CVE-2025-0282	Ivanti	Critical	22.7R2 through 22.7R2.4  22.7R1 through 22.7R1.2  22.7R2 through 22.7R2.3
Stack-Based Buffer Overflow Vulnerability	CVE-2025-0283	Ivanti	High	22.7R2.4 and prior 9.1R18.9 and prior  22.7R1.2 and prior 22.7R2.3 and prior

Technical Summary

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-0282	Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA gateways	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.	RCE, System compromise, Data theft, Network breaches, and Service disruptions.
CVE-2025-0283	Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA gateways	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges	Allow Local Authenticated Attackers to Escalate Privileges.

Remediation:

Ensure that the appropriate patches or updates are applied to the relevant Ivanti
Organizations using ICS appliances are strongly advised to apply these patches and follow Ivanti’s Security Advisory to safeguard their systems.

versions as listed below:

Affected Version(s)	Fixes and Releases
22.7R2 through 22.7R2.4	22.7R2.5
22.7R2.4 and prior,  9.1R18.9 and prior	22.7R2.5
22.7R2 through 22.7R2.3	22.7R2.5, Patch planned availability Jan. 21
22.7R2.3 and prior	22.7R2.5, Patch planned availability Jan. 21
22.7R1 through 22.7R1.2	Patch planned availability Jan. 21
22.7R1.2 and prior	Patch planned availability Jan. 21

Ivanti Connect Secure: Upgrade to version 22.7R2.5, perform a clean ICT scan, and factory reset appliances before putting them into production for added security.

Ivanti Connect Secure (Compromise Detected): Perform a factory reset and upgrade to version 22.7R2.5 to remove malware and ensure continued monitoring with security tools.

Ivanti Policy Secure: Ensure the appliance is not exposed to the internet, as the risk of exploitation is lower, and expect a fix on January 21, 2025.

Ivanti Neurons for ZTA Gateways: Ensure ZTA gateways are connected to a controller for protection, with a fix available on January 21, 2025.

General Recommendation

Regularly update software and systems to address known vulnerabilities.

Implement continuous monitoring to identify any unauthorized access or suspicious activities.

Use strong authentication and access controls to minimize unauthorized access and reduce attack surfaces.

Create and Maintain an incident response plan to quickly mitigate the impact of any security breach.

References:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US

https://nvd.nist.gov/vuln/detail/CVE-2025-0283

https://nvd.nist.gov/vuln/detail/CVE-2025-0282

https://thehackernews.com/2025/01/ivanti-flaw-cve-2025-0282-actively.html

Re-release of November 2024 Exchange Server Security Updates

Microsoft users had a tough time to send or load attachments to emails when using Outlook, were unable to connect to the server, and in some cases could not log into their accounts.

Microsoft Exchange Online is a platform for business communication that has a mail server and cloud apps for email, contacts, and calendars.

Microsoft mitigated the issue after identification were able to determine the cause of the outages and is rolling out a fix for the issue. That rollout is gradual, however, as outage reports continue to come in at DownDetector.

Impact

The outage left many users unable to communicate with colleagues, particularly as it coincided with the start of the workday in Europe. Frustration quickly spread across social media, with users reporting issues accessing emails and participating in Teams calls

Re-release of November 2024 Exchange Server Security Updates

Summary

OEM	Microsoft
Severity	High
Date of Announcement	27/11/2024
Product	Microsoft Exchange Server
CVE ID	CVE-2024-49040
CVSS Score	7.5
Exploited in Wild	No
Patch/Remediation Available	Yes
Advisory Version	1.0

Overview

On November 27, 2024, Microsoft re-released the November 2024 Security Updates (SUs) for Exchange Server to resolve an issue introduced in the initial release on November 12, 2024. The original update (SUv1) caused Exchange Server transport rules to intermittently stop functioning, particularly in environments using transport or Data Loss Protection (DLP) rules. The updated version (SUv2) addresses this issue.

Table of Actions for Admins:

Scenario	Action Required
SUv1 installed manually, and transport/DLP rules are not used	Install SUv2 to regain control over the X-MS-Exchange-P2FromRegexMatch header.
SUv1 installed via Windows/Microsoft Update, no transport/DLP rules used	No immediate action needed; SUv2 will be installed automatically in December 2024.
SUv1 installed and then uninstalled due to transport rule issues	Install SUv2 immediately.
SUv1 never installed	Install SUv2 immediately.

Remediation Steps

1. Immediate Actions

Use the Health Checker script to inventory your Exchange Servers and assess update needs.

Install the latest Cumulative Update (CU) followed by the November 2024 SUv2.

2. Monitor System Performance

After enabling AMSI integration for message bodies, monitor for any performance issues such as delays in mail flow or server responsiveness.

3. Run SetupAssist Script for Issues

Use the SetupAssist script to troubleshoot issues with failed installations or update issues, and check logs for specific error details.

References:

https://techcommunity.microsoft.com/blog/exchange/re-release-of-november-2024-exchange-server-security-update-packages/4341892

GitLab Releases Patch to Fix Critical and High-Severity Vulnerabilities

Ivanti Connect Secure VPN Actively Being Exploited in the Wild

Re-release of November 2024 Exchange Server Security Updates

Recent Posts

Recent Comments

Search

Recent Comments

Recent Posts

Archives