Multiple vulnerabilities in GitLab Community Edition and Enterprise Edition



Published: 2020-08-06 | Updated: 2020-08-10
Risk High
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2020-13280
CVE-2020-13286
CVE-2020-13281
CVE-2020-13295
CVE-2020-13290
CVE-2020-13288
CVE-2020-13294
CVE-2020-13291
CVE-2020-13293
CVE-2020-13292
CVE-2020-13282
CVE-2020-13283
CVE-2020-13285
CWE-ID CWE-401
CWE-918
CWE-20
CWE-284
CWE-79
CWE-287
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Gitlab Community Edition
Universal components / Libraries / Software for developers

GitLab Enterprise Edition
Universal components / Libraries / Software for developers

Vendor GitLab, Inc

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

Updated 07.08.2020
Added vulnerabilities #2-3
Updated 10.08.2020
Added vulnerabilities #4-13

1) Memory leak

EUVDB-ID: #VU34099

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13280

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak via excessive logging of invite email error. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 13.0.0 - 13.2.2

GitLab Enterprise Edition: 13.0.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU34115

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13286

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to the git "http.<url>.proxy" setting could be changed when importing a repository via URL. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 12.7.0 - 13.2.2

GitLab Enterprise Edition: 12.7.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU34114

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the project import feature. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 8.9.0 - 13.2.2

GitLab Enterprise Edition: 8.9.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU41437

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13295

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in the Shared Runner. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 0.9.4 - 13.2.2

GitLab Enterprise Edition: 6.2.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU41393

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13290

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user without two-factor authentication set up can still access the "/profile/applications" page even when two-factor authentication is required.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 8.4.0 - 13.2.2

GitLab Enterprise Edition: 8.4.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stored cross-site scripting

EUVDB-ID: #VU41289

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13288

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the CI/CD Jobs page. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 13.0.0 - 13.2.2

GitLab Enterprise Edition: 13.0.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper access control

EUVDB-ID: #VU41232

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13294

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to access grants were not revoked when a user revoked access to an application. A remote authenticated attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 7.7.0 - 13.2.2

GitLab Enterprise Edition: 7.7.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper access control

EUVDB-ID: #VU41153

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13291

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the project sharing. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 13.2.0 - 13.2.2

GitLab Enterprise Edition: 13.2.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU41143

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13293

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a confusion when using hexadecimal branch names. A remote attacker can use a branch with a hexadecimal name and override an existing hash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 0.9.4 - 13.2.2

GitLab Enterprise Edition: 6.2.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Authentication

EUVDB-ID: #VU41137

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13292

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests within the required email verification for the OAuth authorization code flow. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 0.9.4 - 13.2.2

GitLab Enterprise Edition: 6.2.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper access control

EUVDB-ID: #VU41132

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13282

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions after group transfer. A remote authenticated attacker can silently and unexpectedly maintained their access levels when a subgroup is transferred.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 0.9.4 - 13.2.2

GitLab Enterprise Edition: 6.2.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stored cross-site scripting

EUVDB-ID: #VU41130

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13283

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the milestone title field. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 10.8.0 - 13.2.2

GitLab Enterprise Edition: 10.8.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Stored cross-site scripting

EUVDB-ID: #VU41129

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13285

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the tooltip for issue reference numbers. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 12.9.0 - 13.2.2

GitLab Enterprise Edition: 12.9.0 - 13.2.2

External links

http://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###