SB2018070306 - Multiple vulnerabilities in GitLab, Gitlab Community Edition

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2017-0919)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

2) Weak Password Recovery Mechanism for Forgotten Password (CVE-ID: CVE-2017-0921)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

Remediation

Install update from vendor's website.

References

• https://hackerone.com/reports/301137
• https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/