Multiple vulnerabilities in GitLab, Gitlab Community Edition



Published: 2018-07-03 | Updated: 2020-07-17
Risk: High
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2017-0919, CVE-2017-0921
CWE-ID: CWE-306, CWE-640
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Vulnerable software: Gitlab Community Edition (Universal components / Libraries / Software for developers)

Vendor: GitLab, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Missing Authentication for Critical Function

EUVDB-ID: #VU31275

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0919

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Gitlab Community Edition: 10.3.0 - 10.3.3

External links

http://hackerone.com/reports/301137


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Weak Password Recovery Mechanism for Forgotten Password

EUVDB-ID: #VU31276

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0921

CWE-ID: CWE-640 - Weak password recovery mechanism

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Gitlab Community Edition: 10.3.0 - 10.3.3

External links

http://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.