GitLab Affected by GitHub-Style CDN Flaw Allowing Malware Hosting
BleepingComputer reported a vulnerability in GitHub that threat actors exploit to distribute malware through seemingly trustworthy URLs associated with Microsoft repositories. The issue extends to GitLab as well, allowing threat actors to create convincing lures using any public repository on either platform. Malicious activity on GitHub has primarily targeted Microsoft URLs, but the flaw could be exploited on any public repository. Threat actors have also used GitHub comments to distribute malware, making it appear as if the files were hosted by reputable organizations. However, these files were found on GitHub's CDN, likely uploaded by threat actors abusing the platform's comments feature. By attaching files to comments on GitHub, users inadvertently upload them to GitHub's CDN, which creates unique URLs associated with the related project. Even if the comment is never posted, or is deleted later, the link remains active. GitLab is susceptible to similar abuse of its comments feature.
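Because these links carry a legitimate project's name, one practical check is to look in proxy or web logs for downloads that came from a comment attachment rather than from a repository's releases or source tree. The following is an added example, not part of the original report; the GitHub and GitLab attachment path layouts, the extension list and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed path layouts for files attached through comments (not stated on the page):
#   GitHub: /<owner>/<repo>/files/<numeric id>/<filename>
#   GitLab: /<namespace...>/<project>/uploads/<32 hex chars>/<filename>
GITHUB_ATTACHMENT = re.compile(r"^/([^/]+)/([^/]+)/files/\d+/([^/]+)$")
GITLAB_ATTACHMENT = re.compile(r"^/(.+?)/uploads/[0-9a-f]{32}/([^/]+)$")

# File types worth a closer look when fetched from a comment attachment.
RISKY_EXTENSIONS = (".zip", ".7z", ".rar", ".exe", ".msi", ".dll", ".iso", ".lnk", ".js", ".ps1")


def classify(url):
    """Return (platform, project, filename) for a comment-attachment URL, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = unquote(parts.path)
    if host in ("github.com", "www.github.com"):
        m = GITHUB_ATTACHMENT.match(path)
        if m:
            return ("github", f"{m.group(1)}/{m.group(2)}", m.group(3))
    elif host in ("gitlab.com", "www.gitlab.com"):
        m = GITLAB_ATTACHMENT.match(path)
        if m:
            return ("gitlab", m.group(1), m.group(2))
    return None


def flag_downloads(urls):
    """Return (url, platform, project, filename) for attachments with a risky extension."""
    hits = []
    for url in urls:
        hit = classify(url)
        if hit and hit[2].lower().endswith(RISKY_EXTENSIONS):
            hits.append((url,) + hit)
    return hits


# Constructed sample URLs (placeholders, not real indicators).
SAMPLE_URLS = [
    "https://github.com/example-org/example-repo/files/12345678/Update.zip",
    "https://github.com/example-org/example-repo/releases/download/v1.0/tool.zip",
    "https://gitlab.com/example-group/sub/example-project/uploads/0123456789abcdef0123456789abcdef/setup.exe",
    "https://gitlab.com/example-group/example-project/-/blob/main/README.md",
    "https://github.com/example-org/example-repo/files/87654321/screenshot.png",
]

if __name__ == "__main__":
    for row in flag_downloads(SAMPLE_URLS):
        print(row)
```

A hit only shows that the file was uploaded through a comment, by anyone able to comment on the project, so it should be triaged as untrusted regardless of the repository name in the URL.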
News source:
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/

Follow the latest news on the webboard or the NCSA Thailand Facebook page.