SB2020010312 - Multiple vulnerabilities in GitLab, Gitlab Community Edition
Published: January 3, 2020 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2019-19255)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
2) Improper access control (CVE-ID: CVE-2019-19256)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
3) Improper access control (CVE-ID: CVE-2019-19257)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
4) Improper access control (CVE-ID: CVE-2019-19258)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
5) Authorization bypass through user-controlled key (CVE-ID: CVE-2019-19259)
The vulnerability allows a remote authenticated user to manipulate data.
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).
6) Improper access control (CVE-ID: CVE-2019-19260)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
7) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2019-19261)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
8) Improper access control (CVE-ID: CVE-2019-19309)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
9) Insufficiently protected credentials (CVE-ID: CVE-2019-19310)
The vulnerability allows a remote privileged user to gain access to sensitive information.
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
10) Information disclosure (CVE-ID: CVE-2019-19086)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
11) Information disclosure (CVE-ID: CVE-2019-19087)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
12) Path traversal (CVE-ID: CVE-2019-19088)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
13) Improper access control (CVE-ID: CVE-2019-19254)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
14) Cross-site scripting (CVE-ID: CVE-2019-19311)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.