SB2022020412 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Published: February 4, 2022 Updated: February 7, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2022-0427)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Jupyter notebooks. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-0425)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to a DNS rebinding issue in the Irker IRC Gateway integration. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
3) Improper Certificate Validation (CVE-ID: CVE-2022-0123)
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to improper certificate validation for external CI services. A remote administrator can perform a man-in-the-middle (MitM) attack on connections to these external services.
4) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-0136)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the Project Import feature. A remote authenticated attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
5) Improper access control (CVE-ID: CVE-2022-0390)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker can retrieve issue details when it was linked to an item form the vulnerability dashboard.
6) Improper access control (CVE-ID: CVE-2022-0373)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker can retrieve the service desk email address.
7) Information disclosure (CVE-ID: CVE-2022-0371)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote authenticated attacker can search other users by their respective private emails even if a user set their email to private.
8) Input validation error (CVE-ID: CVE-2022-0477)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling bulk requests to delete existing packages from the package registries. A remote administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
9) Information disclosure (CVE-ID: CVE-2022-0167)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to the affected application does not disable the Autocomplete attribute of fields related to sensitive information. A remote administrator can gain unauthorized access to sensitive information on the system.
10) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-0249)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
11) Path traversal (CVE-ID: CVE-2022-0344)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.
12) Input validation error (CVE-ID: CVE-2022-0488)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can use a specific amount of block-quotes, trigger a timeout on a page with markdown and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.