terrapin ssh vulnerability
According to terrapin the ssh deamon offered by gitlab is vulnerable for terrapin attacks (part of on prem gitlab installations)
terrapin recommends to disable a cipher but i see no option how this can be done with the gitlab go ssh daemon.
example config line that can be added to openssh for mitigation:
#CVE-2023-48795 mitigation
Ciphers -chacha20-poly1305@openssh.com
gitlab version I checked: 16.5.4-ce0
steps to reprduce:
-
download vulnerability scanner from here: https://github.com/RUB-NDS/Terrapin-Scanner/releases/tag/v1.0.3
-
run:
Terrapin_Scanner_Linux_amd64 -connect <gitlab-server>:<ssh-port>
references:
- https://terrapin-attack.com/
- CVE-2023-48795: General Protocol Flaw
Edited by tob1233