SB2023100227 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Published: October 2, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-3917)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in pipelines. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Improper access control (CVE-ID: CVE-2023-3922)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an error within math rendering in markdown. A remote user can hijack some links and buttons on the GitLab UI to a malicious page.
3) Improper Authorization (CVE-ID: CVE-2023-2233)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote user can leak the owner's Sentry instance projects.
4) Improper access control (CVE-ID: CVE-2023-3979)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user after being removed can continue editing the source code of a public project.
5) Input validation error (CVE-ID: CVE-2023-3906)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the asset proxy. A remote user can craft image urls which bypass the asset proxy.
6) Information disclosure (CVE-ID: CVE-2023-0989)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can trick a victim to visit a fork with a malicious CI/CD configuration and extract non-protected CI/CD variables.
7) Improper access control (CVE-ID: CVE-2023-3920)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can create a fork relationship between existing projects contrary to the documentation.
8) Improper access control (CVE-ID: CVE-2023-4532)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to unauthorised association of CI jobs for Machine Learning experiments. A remote user can link CI/CD jobs of private projects which they are not a member of.
9) Improper access control (CVE-ID: CVE-2023-5198)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user after being removed can write to protected branches using deploy keys .
10) Improper access control (CVE-ID: CVE-2023-3115)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to single Sign On restrictions are not correctly enforced. A remote user can access public members-only project repositories.
11) Business Logic Errors (CVE-ID: CVE-2023-3914)
The vulnerability allows a remote attacker to gain access to internal projects.
The vulnerability exists due to a business logic error. A remote user can gain access to internal projects because service account is not deleted when a namespace is deleted.
12) Information disclosure (CVE-ID: CVE-2023-3413)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can fork a public project and gain unauthorized access to sensitive information on the system.
13) Improper access control (CVE-ID: CVE-2023-4379)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote administrator can bypass code owners approval by changing a MR's base branch.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5106)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to application does not properly impose security restrictions. A remote user can impersonate users in CI pipelines through direct transfer group imports.
15) Improper access control (CVE-ID: CVE-2023-5207)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can perform arbitrary pipeline execution under the context of another user.
Remediation
Install update from vendor's website.