Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2022-4205 CVE-2022-3902 CVE-2022-4054 CVE-2022-3478 CVE-2022-4201 |
| CWE-ID | CWE-254 CWE-200 CWE-20 CWE-918 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Gitlab Community Edition Universal components / Libraries / Software for developers GitLab Enterprise Edition Universal components / Libraries / Software for developers |
| Vendor | GitLab, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Security features bypass
EUVDB-ID: #VU69772
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4205
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected application uses a branch with a hexadecimal name. A remote user can override an existing hash.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 15.6.0
GitLab Enterprise Edition: 6.2.0 - 15.6.0
External linkshttp://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU69774
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3902
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in webhook logs. A remote administrator can unmask webhook secret tokens by reviewing the logs after testing webhooks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 9.3 - 15.6.0
GitLab Enterprise Edition: 9.3.0 - 15.6.0
External linkshttp://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU69776
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4054
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote administrator can leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 9.3 - 15.6.0
GitLab Enterprise Edition: 9.3.0 - 15.6.0
External linkshttp://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU69785
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3478
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within sidekiq background job. A remote user can upload a specially crafted NuGet package and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.8.0 - 15.6.0
GitLab Enterprise Edition: 12.8.0 - 15.6.0
External linkshttp://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU69786
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4201
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Gitlab Community Edition: 11.3 - 15.6.0
GitLab Enterprise Edition: 11.3.0 - 15.6.0
External linkshttp://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
