SB2020062001 - Multiple vulnerabilities in GitLab, Gitlab Community Edition
Published: June 20, 2020 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Insufficiently protected credentials (CVE-ID: CVE-2020-13261)
The vulnerability allows a remote privileged user to gain access to sensitive information.
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code
2) Information disclosure (CVE-ID: CVE-2020-13264)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token
3) Cross-site scripting (CVE-ID: CVE-2020-13262)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
4) Insufficient verification of data authenticity (CVE-ID: CVE-2020-13265)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification
5) Resource exhaustion (CVE-ID: CVE-2020-13273)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
6) Resource exhaustion (CVE-ID: CVE-2020-13274)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
Remediation
Install update from vendor's website.
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13261.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/199242
- https://hackerone.com/reports/784130
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13264.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/55302
- https://hackerone.com/reports/702796
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13262.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/211949
- https://hackerone.com/reports/824689
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13265.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/121664
- https://hackerone.com/reports/762568
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13273.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/207349
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13274.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/14195