SB2023120107 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Published: December 1, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2023-6033)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Jira integration configuration. A remote user can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
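The root cause named above is a configuration value that reaches the page without adequate sanitization. The following added example (illustrative code, not GitLab's own implementation) shows the defensive pattern for rendering integration settings: every stored value is HTML-escaped for the context it lands in, and URL-type fields are only emitted as links when they use an http(s) scheme. The field names and the sample configuration are constructed for the example and are not taken from the bulletin.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample configuration (hypothetical field names; not from the
# bulletin). The values mimic what a malicious user could store so that the
# rendering function can be checked against them.
SAMPLE_CONFIG = {
    "project_key": 'DEMO"><script>alert(1)</script>',
    "web_url": "javascript:alert(document.cookie)",
    "api_url": "https://jira.example.invalid/rest/api/2",
}

# Only absolute http(s) URLs are allowed to become clickable links.
ALLOWED_URL_SCHEMES = ("http", "https")


def safe_url(value: str) -> Optional[str]:
    """Return the URL if it is an absolute http(s) URL, otherwise None.

    Refusing other schemes stops a stored setting from turning into a
    javascript: or data: link when it is rendered as an href attribute.
    """
    candidate = value.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_URL_SCHEMES or not parts.netloc:
        return None
    return candidate


def render_config_summary(config: dict) -> str:
    """Render the configuration as an HTML table fragment with escaping.

    Both text nodes and attribute values go through html.escape(quote=True),
    so a value cannot close the surrounding attribute or element. Fields whose
    name ends in "_url" become links only when safe_url() accepts them; any
    rejected value is still shown, but as escaped text inside a span.
    """
    rows = []
    for key, raw in config.items():
        label = html.escape(key, quote=True)
        if key.endswith("_url"):
            url = safe_url(raw)
            if url is None:
                cell = '<span class="invalid">%s</span>' % html.escape(raw, quote=True)
            else:
                esc = html.escape(url, quote=True)
                cell = '<a href="%s" rel="noopener">%s</a>' % (esc, esc)
        else:
            cell = html.escape(raw, quote=True)
        rows.append("<tr><th>%s</th><td>%s</td></tr>" % (label, cell))
    return "<table>" + "".join(rows) + "</table>"


if __name__ == "__main__":
    print(render_config_summary(SAMPLE_CONFIG))
```

The point of the two separate checks is that escaping alone is not enough for link targets: `html.escape` leaves `javascript:alert(1)` untouched because it contains no HTML metacharacters, so an href needs a scheme allow-list in addition to attribute escaping.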
2) Improper access control (CVE-ID: CVE-2023-6396)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user with the admin_group_member custom permission can add members with a higher role.
3) Information disclosure (CVE-ID: CVE-2023-3949)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can view a public project's release descriptions via an atom endpoint even when release access for the public is set to project members only.
4) Improper access control (CVE-ID: CVE-2023-5226)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the main branch of a repository with a specially designed name. A remote user can use a specially crafted branch name to bypass prohibited branch checks and manipulate repository content in the UI.
5) Information disclosure (CVE-ID: CVE-2023-5995)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote administrator can abuse the policy bot to gain access to internal projects.
6) Input validation error (CVE-ID: CVE-2023-4912)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Mermaid Flowchart. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
7) Improper access control (CVE-ID: CVE-2023-4317)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can update a pipeline schedule from an unprotected branch to a protected branch.
8) Information disclosure (CVE-ID: CVE-2023-3964)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can access composer packages on public projects that have package registry disabled in the project settings.
9) Improper access control (CVE-ID: CVE-2023-4658)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can gain "Allowed to push and merge" access and affect integrity of protected branches.
10) Improper access control (CVE-ID: CVE-2023-3443)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can add an emoji on confidential work items.
Remediation
Install the update from the vendor's website.