SB2018103003 - Arch Linux update for gitlab

Published: October 30, 2018

Security Bulletin ID SB2018103003
CSH Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High: 14% (1 of 7)
Low: 86% (6 of 7)
Medium: none
Critical: none

Description

This security bulletin contains information about 7 vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-18640)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because private project pages were served with inadequate Cache-Control headers, so a browser or an intermediate cache could keep a copy of them after the authenticated session ended. An attacker with access to that cache, for example a later user of the same browser on a shared machine, can view private project pages without logging in.
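
The directive that matters for this class of bug is no-store, not private: a header such as Rails' default "max-age=0, private, must-revalidate" keeps shared caches out but still lets the browser keep a copy that can be shown from history on a shared machine. The following Ruby classifier and audit helper are an added example written for this bulletin, not GitLab's code; the sample responses are constructed.

```ruby
# Added example (not GitLab code): classify Cache-Control headers for pages
# that must never be cached, such as private project pages.

# Parse 'a, b=1, c="x"' into { 'a' => true, 'b' => '1', 'c' => 'x' }.
def parse_cache_control(header)
  header.to_s.split(',').each_with_object({}) do |part, acc|
    name, value = part.strip.split('=', 2)
    next if name.nil? || name.empty?
    acc[name.downcase] = value.nil? ? true : value.delete('"')
  end
end

# :no_store         - neither the browser nor a shared cache may keep a copy (safe)
# :private_only     - shared caches must not store it, but the browser may, so the
#                     page can reappear from history on a shared machine
# :shared_cacheable - nothing forbids a shared cache from storing it; note that
#                     no-cache alone still allows storage, it only forces
#                     revalidation before reuse
def cache_exposure(header)
  directives = parse_cache_control(header)
  return :no_store if directives.key?('no-store')
  return :private_only if directives.key?('private')
  :shared_cacheable
end

# Header to send for authenticated or private content.
HARDENED_CACHE_CONTROL = 'private, no-store, max-age=0, must-revalidate'.freeze

# responses: { path => { header name => value } } as captured from an instance.
# Returns [[path, exposure], ...] for every page that is not :no_store.
def audit_private_pages(responses)
  responses.each_with_object([]) do |(path, headers), leaks|
    exposure = cache_exposure(headers['Cache-Control'])
    leaks << [path, exposure] unless exposure == :no_store
  end
end

# Constructed sample responses (not captured from a real instance).
SAMPLE_RESPONSES = {
  '/group/private-project' => { 'Cache-Control' => 'max-age=0, private, must-revalidate' },
  '/group/private-project/blob/master/secret.rb' => { 'Cache-Control' => 'public, max-age=600' },
  '/group/private-project/issues/1' => { 'Cache-Control' => HARDENED_CACHE_CONTROL }
}

if __FILE__ == $PROGRAM_NAME
  audit_private_pages(SAMPLE_RESPONSES).each do |path, exposure|
    puts "#{path}: #{exposure}"
  end
end
```

Run against headers captured with curl -I while logged in; every path that belongs to a private project should come back as :no_store.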


2) Cleartext storage of credentials (CVE-ID: CVE-2018-18641)

The vulnerability allows anyone who can read the application database to obtain valid personal access tokens.

The vulnerability exists because personal access tokens were stored unencrypted, as plain text, in the database. Whoever obtains a copy of the relevant table, whether through a database backup or dump, a separate SQL injection or other database compromise, or legitimate administrator access, gets tokens that can be used directly against the GitLab API with the scopes their owners granted. Storing only a digest of each token removes that exposure without changing how authentication works.
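
What a plaintext column costs, and what the fix looks like, is easier to see in code. Below is an added Ruby example written for this bulletin (it is not GitLab's implementation) that keeps a plaintext store beside a digest-based one with the same interface; the in-memory hashes stand in for the database table. Because personal access tokens are random and high-entropy, a single SHA-256 is enough to make the stored value useless to someone who reads the table; the slow, salted hashing used for passwords exists for low-entropy secrets.

```ruby
require 'digest'
require 'securerandom'

# Added example, not GitLab's code. Both stores issue a token, authenticate a
# presented token, and expose what a database read (backup, dump, SQL
# injection elsewhere, administrator access) would reveal. A Hash stands in
# for the database table.

class PlaintextTokenStore
  def initialize
    @rows = {} # token => { user_id:, scopes: }
  end

  def issue(user_id, scopes)
    token = SecureRandom.urlsafe_base64(20)
    @rows[token] = { user_id: user_id, scopes: scopes }
    token
  end

  def authenticate(token)
    @rows[token]
  end

  # A reader of the table gets working credentials.
  def token_column
    @rows.keys
  end
end

class DigestTokenStore
  def initialize
    @rows = {} # SHA-256(token) => { user_id:, scopes: }
  end

  # The plaintext is returned exactly once, at creation, and never stored.
  def issue(user_id, scopes)
    token = SecureRandom.urlsafe_base64(20)
    @rows[digest(token)] = { user_id: user_id, scopes: scopes }
    token
  end

  # Lookup by digest. With a high-entropy random token a plain SHA-256 is
  # sufficient: there is nothing for an offline attacker to guess.
  def authenticate(token)
    @rows[digest(token)]
  end

  # One-time migration from the plaintext column: hash in place, so
  # existing tokens keep working without being reissued.
  def self.migrate_from(plaintext_store)
    store = new
    plaintext_store.token_column.each do |token|
      store.import(token, plaintext_store.authenticate(token))
    end
    store
  end

  # Store a row for a token that already exists (used by the migration).
  def import(token, row)
    @rows[digest(token)] = row
  end

  # A reader of the table gets only digests.
  def token_column
    @rows.keys
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

if __FILE__ == $PROGRAM_NAME
  plain = PlaintextTokenStore.new
  old = plain.issue(7, %w[api])
  puts "plaintext table leaks: #{plain.token_column.inspect}"
  hashed = DigestTokenStore.migrate_from(plain)
  puts "digest table leaks:    #{hashed.token_column.inspect}"
  puts "old token still valid: #{!hashed.authenticate(old).nil?}"
end
```

The migration is the part that matters operationally: hashing the existing column in place lets users keep their tokens, whereas dropping the column would force a reissue of every token. The verification routine should still be audited for timing side channels if the lookup is ever replaced by a linear comparison.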


3) Cross-site scripting (CVE-ID: CVE-2018-18643)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists because several GitLab pages used the fragment identifier (the part of the URL after "#") without adequate input validation or output encoding. A remote attacker can trick a victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Because the fragment is never sent to the server, this is DOM-based XSS: the payload does not appear in server-side request logs and is not seen by server-side input filtering, so both detection and the fix have to happen in the client-side JavaScript that reads the fragment.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


4) Information disclosure (CVE-ID: CVE-2018-18645)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because, when a user replied to an issue by email, the GitLab email footer, including that user's unsubscribe link, could be included in the resulting issue comment. Anyone who can read the issue then obtains a link that is personal to the replying user and can use it on their behalf.


5) Server-side request forgery (CVE-ID: CVE-2018-18646)

The vulnerability allows a remote user to perform a server-side request forgery (SSRF) attack.

The weakness exists due to an SSRF issue in the GitLab Hipchat integration: the destination the integration was configured to call was not restricted. A remote user who can set that destination can make the GitLab server issue requests to any local network resource reachable from it, including internal services that trust requests coming from the GitLab host.
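
The fix for this class of bug is to validate the destination the integration will talk to: resolve the hostname and reject anything that lands in loopback, link-local, private, or unspecified ranges, for every address the name resolves to. The following Ruby validator is an added example written for this bulletin, not GitLab's code or its actual fix; the resolver is injectable, and the constructed hostname table below lets it run offline.

```ruby
require 'ipaddr'
require 'resolv'
require 'uri'

# Added example, not GitLab's code or its fix: validate an outbound URL an
# integration will call, so the server cannot be pointed at itself or at
# internal-only hosts.

BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }

# True for loopback, link-local, private and unspecified addresses.
# IPv4-mapped IPv6 addresses (::ffff:127.0.0.1) are unwrapped first so they
# cannot slip past the IPv4 ranges.
def internal_address?(ip)
  ip = ip.native if ip.ipv6? && ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.family == ip.family && range.include?(ip) }
end

# The default resolver uses system DNS; callers may pass a stub.
SYSTEM_RESOLVER = ->(host) { Resolv.getaddresses(host) }

# Returns [true, nil] when the URL may be contacted, else [false, reason].
def validate_outbound_url(url, resolver: SYSTEM_RESOLVER)
  begin
    uri = URI.parse(url)
  rescue URI::InvalidURIError
    return [false, 'unparseable URL']
  end
  return [false, 'scheme must be http or https'] unless %w[http https].include?(uri.scheme)
  return [false, 'userinfo in URL not allowed'] if uri.userinfo

  host = uri.hostname # strips the [] around IPv6 literals
  return [false, 'missing host'] if host.nil? || host.empty?

  addresses = begin
    [IPAddr.new(host)] # literal IP: no lookup needed
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a) }
  end
  return [false, 'host does not resolve'] if addresses.empty?

  # Every address must be acceptable: a name with one public and one private
  # record is rejected, otherwise the HTTP client may pick the private one.
  bad = addresses.find { |ip| internal_address?(ip) }
  return [false, "#{host} resolves to internal address #{bad}"] if bad

  [true, nil]
end

# Constructed lookup table standing in for DNS (these are not real hosts).
STUB_RESOLVER = lambda do |host|
  {
    'hipchat.example.com' => ['203.0.113.10'],
    'internal.corp'       => ['10.0.0.5'],
    'localhost'           => ['127.0.0.1'],
    'dual.example.com'    => ['203.0.113.20', '192.168.1.1']
  }.fetch(host, [])
end

if __FILE__ == $PROGRAM_NAME
  %w[https://hipchat.example.com/v2/room http://localhost:8080/
     http://169.254.169.254/latest/meta-data/ http://dual.example.com/].each do |u|
    ok, reason = validate_outbound_url(u, resolver: STUB_RESOLVER)
    puts(ok ? "#{u}: allowed" : "#{u}: rejected (#{reason})")
  end
end
```

Validating at configuration time is not enough on its own: a hostname can resolve to a public address when checked and to an internal one when the request is made (DNS rebinding), so the address that was validated should be the one actually connected to, and any redirect the remote side returns must be run through the same check before it is followed.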

6) Information disclosure (CVE-ID: CVE-2018-18648)

The disclosed vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists because a JSON endpoint disclosed the versions of the Ruby Gems the instance runs. A remote attacker can read that list from the endpoint's response and match it against published vulnerabilities to find exploitable Gems on a specific GitLab instance, which turns generic exploit research into a targeted attack.


7) Improper input validation (CVE-ID: CVE-2018-18649)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to insufficient validation of user-supplied input in the wiki API. A remote attacker can send specially crafted input to the wiki API, trigger a flaw the bulletin does not further specify, and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install the updated gitlab package from Arch Linux (for example with pacman -Syu) and restart the GitLab services. Because personal access tokens were stored in plain text before the fix, rotating existing tokens after the upgrade is prudent, and any database backups or dumps taken before the upgrade should be treated as containing usable credentials.