SB2020032721 - Multiple vulnerabilities in GitLab, Gitlab Community Edition
Published: March 27, 2020 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2020-12275)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
2) Cross-site scripting (CVE-ID: CVE-2020-12276)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Incorrect default permissions (CVE-ID: CVE-2020-12277)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
4) Information disclosure (CVE-ID: CVE-2020-10955)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
5) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2020-10956)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
Remediation
Install update from vendor's website.