SB2022110721 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2022-3726)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to lack of sand-boxing of OpenAPI documents. A remote user can trick a victim to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.

2) Resource exhaustion (CVE-ID: CVE-2022-3818)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing URLs. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

3) Improper access control (CVE-ID: CVE-2022-3483)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote administrator can exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

4) Stored cross-site scripting (CVE-ID: CVE-2022-3265)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in setting the labels colour feature. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

5) Open redirect (CVE-ID: CVE-2022-3486)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

6) Improper Authorization (CVE-ID: CVE-2022-3793)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to an improper authorization. A remote user can read variables set directly in a GitLab CI/CD configuration file.

7) Improper Authorization (CVE-ID: CVE-2022-3413)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to an improper authorization during display of Audit Events. A remote user can view the project's Audit Events or the group's Audit Events.

8) Information disclosure (CVE-ID: CVE-2022-2761)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to arbitrary GFM references rendered in Jira issue description leak private/confidential resources. A remote user can disclose the names of resources.

9) Improper Authorization (CVE-ID: CVE-2022-3819)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to an improper authorization. A remote user can set emojis on internal notes they don't have access to.

10) Open redirect (CVE-ID: CVE-2022-3280)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in pipeline artifacts when generating HTML documents. A remote user can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

11) Improper Authorization (CVE-ID: CVE-2022-3706)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to an improper authorization. A remote user can take ownership of the retried jobs in the upstream pipeline.

Remediation

Install update from vendor's website.

References

• https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/