Multiple vulnerabilities in GitLab



Published: 2020-05-29
Risk: Medium
Patch available: YES
Number of vulnerabilities: 17
CVE-ID: N/A
CWE-ID: CWE-285, CWE-200, CWE-79, CWE-94, CWE-400, CWE-284, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
GitLab Community Edition
Universal components / Libraries / Software for developers

GitLab Enterprise Edition
Universal components / Libraries / Software for developers

Vendor GitLab, Inc

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Improper Authorization

EUVDB-ID: #VU28298

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the email verification process.

The vulnerability exists due to an unspecified error. A remote attacker can bypass the email verification process.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.5.0 - 13.0.0

GitLab Enterprise Edition: 12.5.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authorization

EUVDB-ID: #VU28329

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to update data of other users.

The vulnerability exists due to an insecure authorization check that allows a remote authenticated user to update permissions of other users' deploy keys under certain conditions.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.8.0 - 13.0.0

GitLab Enterprise Edition: 12.8.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU28334

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists because Amazon EKS credentials are disclosed to other administrators of an instance through HTML source code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.6.0 - 13.0.0

GitLab Enterprise Edition: 12.6.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site scripting

EUVDB-ID: #VU28333

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Static Site Editor. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.10.0 - 13.0.0

GitLab Enterprise Edition: 12.10.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Client-side code injection

EUVDB-ID: #VU28332

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted Mermaid payload and perform PUT requests on behalf of other users when they click on a link.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.9.0 - 13.0.0

GitLab Enterprise Edition: 12.9.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource exhaustion

EUVDB-ID: #VU28331

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources on Custom Dashboards. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.0.0 - 13.0.0

GitLab Enterprise Edition: 12.0.0 - 12.10.6

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site scripting

EUVDB-ID: #VU28330

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data on the Metrics Dashboard. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary JavaScript code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.8.0 - 13.0.0

GitLab Enterprise Edition: 12.8.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU28328

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application may expose the presence of files on the system. A remote non-authenticated attacker can send a specially crafted request and confirm the existence of files hosted on object storage services, without disclosing their contents.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.10.0 - 13.0.0

GitLab Enterprise Edition: 12.10.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Authorization

EUVDB-ID: #VU28320

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the email verification process.

The vulnerability exists due to the way GitLab processes email verification within the OAuth flow. A remote attacker can bypass the email verification process during registration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: 12.3.0 - 13.0.0

GitLab Community Edition: 12.3.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information disclosure

EUVDB-ID: #VU28327

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the Kubernetes cluster token is visible to other group maintainers.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 10.3 - 13.0.0

GitLab Enterprise Edition: 10.4.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Cross-site scripting

EUVDB-ID: #VU28326

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to the repository files API. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: 6.2.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper access control

EUVDB-ID: #VU28325

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote guest user can create a fork relation on restricted public projects.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 11.3 - 13.0.0

GitLab Enterprise Edition: 11.3.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU28324

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the way the application deletes mirror projects. A remote attacker can impersonate owners of deleted projects.

Please note that the edit project API endpoint has been restricted and only admin users have the ability to set the mirror_user_id.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: 9.5.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper Authorization

EUVDB-ID: #VU28323

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error in the group sign-up registration process. A user with an unverified address within the restricted domain could request access to domain-restricted groups.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 12.2.0 - 13.0.0

GitLab Enterprise Edition: 12.2.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper access control

EUVDB-ID: #VU28322

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to an unspecified issue related to misconfigured cloud environments.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 11.9.0 - 13.0.0

GitLab Enterprise Edition: 11.9.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper Authorization

EUVDB-ID: #VU28321

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the email verification procedure.

The vulnerability exists due to the absence of a notification email verification procedure. A remote user can set up a notification email without email verification.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 0.9.4 - 13.0.0

GitLab Enterprise Edition: 6.2.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource exhaustion

EUVDB-ID: #VU28335

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources in Workhorse. A remote attacker can trigger resource exhaustion by uploading malicious artifacts and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Community Edition: 0.9.4 - 13.0.0

GitLab Enterprise Edition: 6.2.0 - 13.0.0

External links

http://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


