CERT Advisories

CISA Flags Two Actively Exploited Vulnerabilities in GitLab and Windows

Source: CISA Cybersecurity Advisories

CISA adds CVE-2021-22175 (GitLab SSRF) and CVE-2023-21768 (Windows Ancillary Function Driver for WinSock privilege escalation) to its KEV Catalog after confirming active exploitation in the wild.

CISA Adds Two Vulnerabilities to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two new entries after confirming their active exploitation in the wild. The vulnerabilities affect GitLab and Microsoft Windows systems, posing significant risks to unpatched environments.

Vulnerabilities Added

CISA’s latest additions include:

  1. CVE-2021-22175 – A Server-Side Request Forgery (SSRF) vulnerability in GitLab Community and Enterprise Editions (versions 11.9 to 14.9.2). The flaw lets an attacker make the GitLab server issue HTTP requests to destinations of the attacker's choosing. Because those requests originate from inside the perimeter, they can reach internal services and cloud metadata endpoints that are not exposed to the Internet, and the responses may be returned to the attacker.

  2. CVE-2023-21768 – An elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys), the kernel driver that backs the Winsock API. An attacker who can already run code on the host can exploit it to obtain SYSTEM privileges, the highest level on a Windows machine, and from there take over the system.

Technical Details

  • CVE-2021-22175 (GitLab SSRF)

    • Affected Versions: GitLab CE/EE 11.9 to 14.9.2
    • Exploitation Vector: The attacker supplies a URL to a GitLab feature that fetches it server-side. GitLab then connects on the attacker's behalf, so destination checks that rely on network position (firewall rules, "internal only" services, the 169.254.169.254 cloud metadata service) are bypassed, and the attacker can map and probe hosts that are invisible from outside.
    • Impact: Unauthorized access to internal data and credentials (metadata-service tokens are a common target), reconnaissance of the internal network, and a foothold for lateral movement or further exploitation of internal services.
  • CVE-2023-21768 (Windows AFD for WinSock Elevation of Privilege)

    • Affected Systems: Windows 11 version 22H2 and Windows Server 2022, per Microsoft's advisory; confirm the exact build list there before closing a finding.
    • Exploitation Mechanism: A memory-safety bug in afd.sys reachable from user mode through a socket I/O control request lets a local, low-privileged user corrupt kernel memory and elevate to SYSTEM. The attacker must already have local code execution, so this is a post-foothold step rather than an initial-access vector. A public proof-of-concept exists, so exploitation requires no special tooling.
    • Impact: Full system takeover, malware persistence, credential theft from the compromised host, and further propagation within the network.

Impact Analysis

Both vulnerabilities are under active exploitation, which is the KEV Catalog's inclusion criterion and the reason patching cannot wait for a routine cycle. They also represent two different stages of an intrusion: the GitLab SSRF gives an external attacker reach into hosts behind the perimeter, while the Windows AFD bug turns a local foothold into SYSTEM, a step that precedes persistence and lateral movement in many attacks.

Federal agencies are required to remediate these vulnerabilities by March 11, 2026, per Binding Operational Directive (BOD) 22-01. Private sector organizations are strongly advised to prioritize patching.

Recommendations

  • Patch Immediately: Upgrade GitLab to a release that fixes CVE-2021-22175, and apply Microsoft's January 2023 Patch Tuesday updates (the release that fixed CVE-2023-21768) or any later cumulative update.
  • Monitor for Exploitation: On GitLab, review logs for outbound request targets (webhooks, imports, integrations) that point at loopback, RFC 1918 or link-local addresses, especially 169.254.169.254. On Windows, alert on low-privileged processes that spawn SYSTEM-level children or otherwise gain privileges they should not have.
  • Segment Networks: Place GitLab in a segment whose egress to internal services and cloud metadata endpoints is denied by default, so that a successful SSRF has nothing useful to reach.
  • Enforce Least Privilege: Restrict local administrator rights and interactive logon on servers. CVE-2023-21768 still needs a local foothold, so fewer accounts able to run code on a host means fewer paths to SYSTEM.
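The following Ruby script is an added example, not GitLab's code or CISA's, that illustrates both the SSRF mechanism described under Technical Details and the "Monitor for Exploitation" recommendation above. It implements the destination check a server-side fetch feature needs (reject loopback, private, link-local and IPv4-mapped addresses, and require every DNS answer for a hostname to be public), then re-runs that check over a handful of constructed audit-style log lines to flag the requests a vulnerable instance would have made. The hostnames, the log format and the DNS answers are assumptions chosen so the file runs offline.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Added example, not GitLab's code: an outbound-URL guard for a webhook or
# import feature, and a scan of (constructed) log lines for the requests such
# a guard would have refused. Hostnames, log format and DNS answers below are
# assumptions made so the file runs offline.

# Destinations an application server should never be steered into calling:
# loopback, RFC 1918, link-local (including the 169.254.169.254 cloud
# metadata service), CGNAT, multicast/reserved, and their IPv6 equivalents.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_address?(ip)
  addr = ip.is_a?(IPAddr) ? ip : IPAddr.new(ip)
  # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 ranges apply to it.
  addr = addr.native if addr.ipv6? && addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# Returns [allowed, reason, vetted_ip]. `resolver` is injectable so the check
# is testable offline; production code uses the default (the real resolver).
def check_outbound_url(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    return [false, "unparseable URL", nil]
  end
  return [false, "scheme #{uri.scheme.inspect} not allowed", nil] unless %w[http https].include?(uri.scheme)
  host = uri.hostname # strips the brackets of an IPv6 literal
  return [false, "missing host", nil] if host.nil? || host.empty?

  ips = begin
    [IPAddr.new(host)] # literal address, no lookup needed
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a) }
  end
  return [false, "host did not resolve", nil] if ips.empty?

  # Every answer must be public: an attacker-controlled name can return a mix
  # of public and internal addresses, and the HTTP client may pick any of them.
  bad = ips.find { |ip| blocked_address?(ip) }
  return [false, "resolves to blocked address #{bad}", nil] if bad
  [true, "ok", ips.first.to_s]
end

# Constructed DNS answers (assumption) so the example runs offline.
STUB_DNS = {
  "hooks.example.com"    => ["203.0.113.10"],
  "rebind.attacker.test" => ["203.0.113.20", "127.0.0.1"] # mixed answer
}.freeze
STUB_RESOLVER = ->(host) { STUB_DNS.fetch(host, []) }

# Constructed audit-style lines (assumption: not real GitLab log output).
SAMPLE_LOG = <<~LOG
  time=2026-02-20T10:01:02Z user=alice action=webhook_create url=https://hooks.example.com/ci
  time=2026-02-20T10:02:17Z user=bob action=project_import url=http://169.254.169.254/latest/meta-data/
  time=2026-02-20T10:03:40Z user=bob action=webhook_create url=http://[::ffff:10.0.0.5]:8500/v1/kv/
  time=2026-02-20T10:04:05Z user=carol action=project_import url=file:///etc/passwd
  time=2026-02-20T10:05:30Z user=dave action=webhook_create url=http://rebind.attacker.test/hook
LOG

# Re-run the guard over logged URLs: anything it refuses is a candidate SSRF
# attempt worth a look, keyed by user and action.
def flag_internal_targets(log, resolver: ->(host) { Resolv.getaddresses(host) })
  log.lines.filter_map do |line|
    fields = line.scan(/(\w+)=(\S+)/).to_h
    next unless fields["url"]
    allowed, reason, _ip = check_outbound_url(fields["url"], resolver: resolver)
    next if allowed
    { user: fields["user"], action: fields["action"], url: fields["url"], reason: reason }
  end
end

if $PROGRAM_NAME == __FILE__
  flag_internal_targets(SAMPLE_LOG, resolver: STUB_RESOLVER).each do |hit|
    puts "#{hit[:user]} #{hit[:action]} #{hit[:url]} -> #{hit[:reason]}"
  end
end
```

Two caveats apply when this guard is used for real. First, the caller must connect to the IP the check returned (setting the Host header and TLS SNI to the original name) rather than handing the URL to an HTTP client that resolves it again; otherwise a DNS answer that changes between the check and the connection (DNS rebinding) defeats the check. Second, the same rule closes the gap for hosts such as `2130706433`, which the guard rejects as neither a literal nor a resolvable name but which libc's address parser would happily turn into 127.0.0.1 if the client were allowed to resolve on its own. For log review, the scan is deliberately loud: a refused scheme, an unresolvable host or a blocked address each produce a hit with the reason attached, so an analyst can triage by reason before looking at users.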

For more details, refer to CISA’s official alert.
