Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)



Published: 2023-08-02 | Updated: 2023-09-19
Risk Medium
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2023-3993
CVE-2023-1210
CVE-2023-4011
CVE-2023-2022
CVE-2023-3900
CVE-2023-3401
CVE-2023-3500
CVE-2023-4008
CVE-2023-4002
CVE-2023-2164
CVE-2023-3385
CVE-2023-0632
CVE-2023-3364
CVE-2023-3994
CVE-2023-3932
CWE-ID CWE-200
CWE-20
CWE-284
CWE-79
CWE-185
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		GitLab Enterprise Edition
Universal components / Libraries / Software for developers

Gitlab Community Edition
Universal components / Libraries / Software for developers

Vendor GitLab, Inc

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

Updated 19.09.2023

Assigned CVE-ID number for vulnerability #15

1) Information disclosure

EUVDB-ID: #VU78867

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3993

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to access tokens may have been logged when a query was made to a specific endpoint. A remote administrator can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: 14.3.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU78877

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1210

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can leak a user's email via an error message for groups that restrict membership by email domain.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 12.9.0 - 16.2.1

GitLab Enterprise Edition: 12.9.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU78876

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of pagination while loading license data. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: 15.11.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU78872

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2022

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can create pipeline schedules on protected branches even if they do not have access to merge.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 0.1.5 - 16.2.1

GitLab Enterprise Edition: 6.2.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU78871

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3900

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to invalid "start_sha" value on merge requests page. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 16.1.0 - 16.2.1

GitLab Enterprise Edition: 16.1.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper access control

EUVDB-ID: #VU78869

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3401

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the main branch of a repository with a specially designed name. A remote user can create repositories with malicious code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 0.1.5 - 16.2.1

GitLab Enterprise Edition: 6.2.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site scripting

EUVDB-ID: #VU78868

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3500

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the PlantUML diagram. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 10.0 - 16.2.1

GitLab Enterprise Edition: 10.0.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU78866

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4008

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to pages unique domain overwrite. A remote user can takeover GitLab Pages with unique domain URLs if the random string added is known.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 15.9.0 - 16.2.1

GitLab Enterprise Edition: 15.9.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU78865

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4002

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the "securityPolicyProjectAssign" mutation does not authorize security policy project ID. A remote user can link any security policy project by its ID to projects or groups the user has access to and reveal the security projects's configured security policies.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: 14.1.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stored cross-site scripting

EUVDB-ID: #VU78864

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2164

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the WebIDE beta. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 15.9.0 - 16.2.1

GitLab Enterprise Edition: 15.9.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU78863

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3385

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to malicious tar.gz file upload using GitLab export functionality. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 8.10 - 16.2.1

GitLab Enterprise Edition: 8.10.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Incorrect Regular Expression

EUVDB-ID: #VU78862

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0632

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions in Harbor Registry search. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 15.2.0 - 16.2.1

GitLab Enterprise Edition: 15.2.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Incorrect Regular Expression

EUVDB-ID: #VU78860

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3364

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions within the AutolinkFilter in any Markdown fields. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 8.14 - 16.2.1

GitLab Enterprise Edition: 8.14.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Incorrect Regular Expression

EUVDB-ID: #VU78859

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3994

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions within the ProjectReferenceFilter in any Markdown fields. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Gitlab Community Edition: 9.3 - 16.2.1

GitLab Enterprise Edition: 9.3.0 - 16.2.1

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information disclosure

EUVDB-ID: #VU78878

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3932

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can run pipeline jobs as an arbitrary user via scheduled security scan policies.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: before 16.2.2

External links

http://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###