Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2024-0402 CVE-2023-6159 CVE-2023-5933 CVE-2023-5612 CVE-2024-0456 |
CWE-ID | CWE-22 CWE-185 CWE-79 CWE-200 CWE-285 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #4 is available. |
Vulnerable software Subscribe |
Gitlab Community Edition Universal components / Libraries / Software for developers GitLab Enterprise Edition Universal components / Libraries / Software for developers |
Vendor | GitLab, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU85810
Risk: Medium
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0402
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can write files to arbitrary locations on the GitLab server while creating a workspace.
MitigationInstall update from vendor's website.
Vulnerable software versionsGitlab Community Edition: 16.0.0 - 16.8.0
GitLab Enterprise Edition: 16.0.0 - 16.8.0
External linkshttp://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85812
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6159
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions in Cargo.toml blob viewer. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.7.0 - 16.8.0
GitLab Enterprise Edition: 12.7.0 - 16.8.0
External linkshttp://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85818
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5933
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the user name. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.7.0 - 16.8.0
GitLab Enterprise Edition: 13.7.0 - 16.8.0
External linkshttp://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85819
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C]
CVE-ID: CVE-2023-5612
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can read the user email address via tags feed although the visibility in the user profile has been disabled.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 16.8.0
GitLab Enterprise Edition: 6.2.0 - 16.8.0
External linkshttp://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU85820
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0456
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote attacker can assign arbitrary users to MRs that they created within the project.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.0.0 - 16.8.0
GitLab Enterprise Edition: 14.0.0 - 16.8.0
External linkshttp://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.