According to NoScope, a Shodan search uncovered over 34,000 internet-facing Gitea instances. Of these, approximately 93%, or 31,750, were likely vulnerable.

Analysis of the potentially affected deployments revealed that roughly 4,000 were production systems running on major cloud or VPS platforms. Approximately 7,000 instances, NoScope says, were running on Gitea’s default port.

“The data is unambiguous. These aren’t hobby machines. These are organisations that made a deliberate decision to self-host their development infrastructure, running it on production-grade compute, for real workloads,” the AI pentesting firm notes.

Organizations are advised to update to Gitea version 1.26.2 immediately, or to change the configuration settings to require authentication for all content access.

“Note that this setting is not suitable for instances that intentionally expose some containers publicly; operators in that situation should weigh the trade-off carefully,” NoScope says.
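A defender's first question after reading the numbers above is whether a given instance is still below the fixed release. The following POSIX shell snippet is an added example, not code from SecurityWeek, NoScope or the Gitea project: it compares a Gitea version string against 1.26.2 (the fixed version named in the article) and, when given a base URL, reads the version from Gitea's public `/api/v1/version` endpoint. The handling of a leading `v` and of a `+` build suffix is an assumption about how self-built instances report their version.

```shell
#!/bin/sh
# Added example (not from the article, NoScope or Gitea): decide whether a
# Gitea version string is below the fixed release named in the article.
FIXED_VERSION="1.26.2"

# version_lt A B -> succeeds (exit 0) when A sorts strictly before B in
# version order (1.26.10 is newer than 1.26.2, so plain string comparison
# would be wrong; sort -V understands numeric components).
version_lt() {
    [ "$1" != "$2" ] && \
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# gitea_needs_update VERSION -> prints "yes" if VERSION < 1.26.2, else "no".
# Strips a leading "v" and anything after "+" (assumed build-metadata suffix
# on source builds) before comparing.
gitea_needs_update() {
    v=$(printf '%s' "$1" | sed -e 's/^v//' -e 's/+.*$//')
    if version_lt "$v" "$FIXED_VERSION"; then
        echo yes
    else
        echo no
    fi
}

# Optional live check: pass the instance base URL (e.g. https://git.example.test)
# as the first argument. GET /api/v1/version returns {"version":"..."}.
# Run only when an argument is given so the functions above stay usable offline.
if [ -n "$1" ]; then
    ver=$(curl -fsS "$1/api/v1/version" | sed -n 's/.*"version":"\([^"]*\)".*/\1/p')
    echo "$1 reports Gitea ${ver:-unknown}; update needed: $(gitea_needs_update "$ver")"
fi
```

Run it as `sh check_gitea.sh https://git.example.test` against your own instances, or source it and call `gitea_needs_update` on version strings collected from an inventory. Note that the version endpoint alone does not tell you whether the authentication-required configuration workaround mentioned above is in place; treat a "yes" as a prompt to verify both.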
Ionut Arghire is an international correspondent for SecurityWeek.
Source: SecurityWeek