SB2020012829 - Multiple vulnerabilities in GitLab, GitLab Community Edition
Published: January 28, 2020 Updated: July 17, 2020
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2019-5462)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2019-5464)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
3) Information disclosure (CVE-ID: CVE-2019-5465)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
4) Information disclosure (CVE-ID: CVE-2019-5466)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
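Item 2 above concerns a flawed DNS rebinding protection in `url_blocker.rb`. The following Ruby is an added illustration and is not GitLab's code: it shows the shape a rebinding-resistant outbound URL check takes, which is resolving the host exactly once, rejecting every returned address that falls in a private, loopback or link-local range, and returning the validated address so the caller connects to that IP instead of resolving the name a second time. The `SafeUrl` module, its `BLOCKED_RANGES` policy and the `RebindingResolver` class are all hypothetical names constructed for this example; the resolver is injected so the code runs offline.

```ruby
require 'ipaddr'
require 'uri'

# Added illustrative code, not GitLab's url_blocker.rb. Shows the pattern a
# DNS-rebinding-resistant URL check needs: resolve the host once, reject any
# address in a private/loopback/link-local range, and hand back the validated
# IP so the caller connects to it instead of resolving the name a second time.
module SafeUrl
  class BlockedUrlError < StandardError; end

  # Ranges an outbound request should never reach (assumed policy, not GitLab's list).
  BLOCKED_RANGES = %w[
    0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
    172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
  ].map { |cidr| IPAddr.new(cidr) }

  # resolver: callable taking a hostname and returning an Array of IP strings.
  # Injected so the example runs offline; a real deployment would pass
  # something like ->(h) { Addrinfo.getaddrinfo(h, nil).map(&:ip_address) }.
  # Returns { uri:, pinned_ip: } or raises BlockedUrlError.
  def self.validate(url_string, resolver:)
    uri = URI.parse(url_string)
    raise BlockedUrlError, 'scheme not allowed' unless %w[http https].include?(uri.scheme)
    host = uri.hostname
    raise BlockedUrlError, 'missing host' if host.nil? || host.empty?

    # Resolve exactly once; every returned address must pass the range check,
    # otherwise an attacker-controlled zone could mix a public and a private answer.
    addrs = ip_literal?(host) ? [host] : Array(resolver.call(host))
    raise BlockedUrlError, 'unresolvable host' if addrs.empty?

    addrs.each do |a|
      ip = IPAddr.new(a)
      ip = ip.native if ip.ipv4_mapped? # ::ffff:127.0.0.1 must be judged as 127.0.0.1
      if BLOCKED_RANGES.any? { |range| range.include?(ip) }
        raise BlockedUrlError, "#{host} resolves to blocked address #{a}"
      end
    end

    # The caller must open the TCP connection to pinned_ip (keeping the original
    # Host header / SNI) and never re-resolve the name: that second lookup is the
    # window a rebinding attack relies on.
    { uri: uri, pinned_ip: addrs.first }
  end

  # Convenience predicate: true when the URL would be refused.
  def self.blocked?(url_string, resolver:)
    validate(url_string, resolver: resolver)
    false
  rescue BlockedUrlError, URI::InvalidURIError
    true
  end

  def self.ip_literal?(host)
    IPAddr.new(host)
    true
  rescue IPAddr::InvalidAddressError
    false
  end
end

# Constructed resolver that answers a public address on the first lookup and a
# loopback address on any later one, the classic rebinding sequence. Counting
# calls shows the validator never performs the second lookup.
class RebindingResolver
  attr_reader :calls

  def initialize
    @calls = 0
  end

  def call(_host)
    @calls += 1
    @calls == 1 ? ['93.184.216.34'] : ['127.0.0.1']
  end
end

if __FILE__ == $PROGRAM_NAME
  r = RebindingResolver.new
  result = SafeUrl.validate('https://webhook.example/notify', resolver: r)
  puts "connect to #{result[:pinned_ip]} for #{result[:uri].host} (lookups: #{r.calls})"
end
```

The design point is that validation and connection must use the same address: checking the name and then letting the HTTP client resolve it again leaves a time-of-check/time-of-use gap that a short-TTL record can exploit. Rejecting the URL when any returned address is blocked, and normalizing IPv4-mapped IPv6 answers before the range check, closes the two most common bypasses of such filters.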
Remediation
Install the update from the vendor's website.
References
- https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
- https://gitlab.com/gitlab-org/gitlab-ce/issues/58312
- https://hackerone.com/reports/495282
- https://gitlab.com/gitlab-org/gitlab-ce/issues/63959
- https://hackerone.com/reports/632101
- https://gitlab.com/gitlab-org/gitlab-ce/issues/62070
- https://hackerone.com/reports/584534
- https://gitlab.com/gitlab-org/gitlab-ce/issues/59809
- https://hackerone.com/reports/507113