
CISA warns of exploitation of a critical password-reset vulnerability in GitLab

Published 2024-05-07 (last modified 2025-04-17) at https://chuyendoiso.haiphong.gov.vn/

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting GitLab to its Known Exploited Vulnerabilities (KEV) catalog because of active exploitation in the wild.

Tracked as CVE-2023-7028 (CVSS score 10.0), this is a critical vulnerability that could allow unauthenticated remote threat actors to have password-reset emails sent to email accounts under their control, change the password, and take over the targeted accounts without any user interaction.

GitLab stores sensitive data, including API keys. Successful exploitation of CVE-2023-7028 could have serious consequences: it not only lets an attacker take control of GitLab user accounts, but also steal sensitive information and credentials, and even poison source code repositories with malicious code, leading to supply chain attacks.

For example, an attacker with access to the CI/CD configuration could embed malicious code designed to steal sensitive data, such as personally identifiable information (PII) or authentication tokens, and redirect it to an attacker-controlled server.

Similarly, tampering with repository code could involve inserting malware that compromises the integrity of the system or provides a backdoor for unauthorized access.

At present, CISA has not shared any information about the ongoing attacks exploiting this maximum-severity GitLab security flaw, but the agency has confirmed that there is no evidence it is being used in ransomware attacks.

CISA notes that it is important to patch systems with accounts that are not protected by two-factor authentication (2FA), since attackers cannot exploit the vulnerability to take over accounts that have this additional authentication enabled.

CVE-2023-7028 affects GitLab Community and Enterprise editions. GitLab fixed the flaw in versions 16.7.2, 16.5.6 and 16.6.4.

CISA has not yet provided any further details on how the vulnerability is being exploited in the wild. Given the ongoing abuse of the flaw, CISA recommends that organizations apply the latest fixes before May 22 to prevent potential attacks.

Source: https://antoanthongtin.vn/