SB2024080830 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)

Description

This security bulletin contains information about 13 secuirty vulnerabilities.

1) Security features bypass (CVE-ID: CVE-2024-6329)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper path encoding. A remote user can cause the web interface to fail to render the diff correctly when the path is encoded.

2) Information disclosure (CVE-ID: CVE-2024-7586)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to webhook deletion audit log can preserve auth credentials. A remote administrator can gain unauthorized access to sensitive information on the system.

3) Incorrect Regular Expression (CVE-ID: CVE-2024-3114)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions within parsing git push. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

4) Improper access control (CVE-ID: CVE-2024-4784)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass the password re-entry requirement to approve a policy.

5) Observable discrepancy (CVE-ID: CVE-2024-3958)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to ambiguous tag name exploitation. A remote attacker can abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code

6) Cross-site scripting (CVE-ID: CVE-2024-4207)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when viewing an XML file in a repository in raw mode. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

7) Incorrect Regular Expression (CVE-ID: CVE-2024-2800)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation within RefMatcher when matching branch names using wildcards. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

8) Input validation error (CVE-ID: CVE-2024-4210)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use specially crafted adoc files and perform a denial of service (DoS) attack.

9) Resource exhaustion (CVE-ID: CVE-2024-5423)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within banzai pipeline. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

10) Improper access control (CVE-ID: CVE-2024-6356)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to cross project access of Security policy bot. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.

11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-3035)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to the LFS tokens granting unrestricted repository access, which leads to security restrictions bypass and privilege escalation.

12) Incorrect Regular Expression (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions in highlight for code results. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

13) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to logs disclosings potentially sensitive data in query params. A remote administrator can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/