SB2022060202 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Published: June 2, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2022-1680)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an account takeover issue via the SCIM feature. A remote user can invite arbitrary users through their username and email, take over those accounts and change their display name and username.
2) Stored cross-site scripting (CVE-ID: CVE-2022-1940)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Jira integration. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Cross-site scripting (CVE-ID: CVE-2022-1948)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in quick actions. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Improper Authorization (CVE-ID: CVE-2022-1935)
The vulnerability allows a remote user to bypass authorization checks.
The vulnerability exists due to IP allowlist bypass when using Trigger tokens. A remote administrator can misuse Project Trigger Token from any location even when IP address restrictions were configured.
5) Improper Authorization (CVE-ID: CVE-2022-1936)
The vulnerability allows a remote user to bypass authorization checks.
The vulnerability exists due to IP allowlist bypass when using Project Deploy Tokens. A remote administrator can misuse Project Deploy Token from any location even when IP address restrictions were configured.
6) Improper Authorization (CVE-ID: CVE-2022-1944)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization in the Interactive Web Terminal. A remote user can open terminals on other Developers' running jobs.
7) Information disclosure (CVE-ID: CVE-2022-1821)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can access the members list of their parent group.
8) Improper access control (CVE-ID: CVE-2022-1783)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to group member lock bypass. A remote administrator can add new members to a project within their group, even after their group owner enabled a setting to prevent members from being added to projects within that group.
Remediation
Install update from vendor's website.