SB2019090916 - Multiple vulnerabilities in GitLab, Gitlab Community Edition

Published: September 9, 2019 Updated: July 17, 2020

Security Bulletin ID: SB2019090916
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 11%, Medium: 56%, Low: 33%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Improper Privilege Management (CVE-ID: CVE-2019-5468)

The vulnerability allows a remote authenticated user to execute arbitrary code.

A privilege escalation issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.


2) Information disclosure (CVE-ID: CVE-2019-5470)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.


3) Improper Privilege Management (CVE-ID: CVE-2019-5472)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An authorization issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic comments.


4) Missing Authorization (CVE-ID: CVE-2019-5474)

The vulnerability allows a remote authenticated user to manipulate data.

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.


5) Authorization bypass through user-controlled key (CVE-ID: CVE-2019-5469)

The vulnerability allows a remote authenticated user to manipulate data.

An IDOR vulnerability exists in GitLab < v12.1.2, < v12.0.4, and < v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.


6) Missing Authorization (CVE-ID: CVE-2019-5463)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.


7) Cross-site scripting (CVE-ID: CVE-2019-5467)

The vulnerability allows a remote authenticated user to read and manipulate data.

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.


8) Cross-site scripting (CVE-ID: CVE-2019-5471)

The vulnerability allows a remote authenticated user to read and manipulate data.

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.


9) Input validation error (CVE-ID: CVE-2019-5461)

The vulnerability allows a remote authenticated user to manipulate data.

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.


Remediation

Install the update from the vendor's website.
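The bulletin names three fixed releases (12.1.2, 12.0.4 and 11.11.6), one per release branch, so whether an instance is affected depends on which branch it is on, not only on a plain version comparison. The following added example (not part of the bulletin or of GitLab's own tooling) encodes exactly that check: a version on a patched branch is affected when it is below that branch's fixed release; a version on a branch older than 11.11 receives no fix in this bulletin and is treated as affected (an assumption stated in the code); a branch newer than 12.1 is outside the bulletin's scope. The sample version strings are constructed for illustration.

```python
"""Check a GitLab version string against the fixed versions listed in SB2019090916."""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the bulletin, keyed by (major, minor) release branch.
FIXED_VERSIONS = {
    (12, 1): (12, 1, 2),
    (12, 0): (12, 0, 4),
    (11, 11): (11, 11, 6),
}


def parse_version(text: str) -> Version:
    """Parse '12.1.1', 'v12.1.1' or '12.1.1-ee' into a (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, recommended_release).

    recommended_release is the fixed release on the instance's own branch when the
    bulletin lists one, the newest fixed release when the branch is older than any
    patched branch, and None when the branch is newer than the bulletin covers.
    """
    current = parse_version(version)
    branch = current[:2]
    oldest_fixed = min(FIXED_VERSIONS.values())
    newest_fixed = max(FIXED_VERSIONS.values())

    if branch in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[branch]
        return current < fixed, ".".join(map(str, fixed))

    if current < oldest_fixed:
        # Assumption: branches older than 11.11 got no fix in this bulletin, so an
        # instance on them is treated as affected and pointed at the newest fix.
        return True, ".".join(map(str, newest_fixed))

    # 12.2 and later are newer than every branch the bulletin covers.
    return False, None


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real instance.
    for sample in ["12.1.1", "12.1.2", "v12.0.3-ee", "11.11.6", "11.10.3", "12.2.0"]:
        affected, recommended = assess(sample)
        status = "AFFECTED" if affected else "not affected"
        print(f"{sample:>12}: {status}" + (f", update to {recommended}" if affected else ""))
```

The check is deliberately branch-aware: a naive `current < (12, 1, 2)` test would flag 12.0.4 and 11.11.6 as vulnerable even though the bulletin lists both as fixed releases.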