SB2023080237 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023080237

SB2023080237 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)

Published: August 2, 2023 Updated: September 19, 2023

Security Bulletin ID SB2023080237
Severity
Medium
Patch available
YES
Number of vulnerabilities 15
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 53% Low 47%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2023-3993)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to access tokens may have been logged when a query was made to a specific endpoint. A remote administrator can gain unauthorized access to sensitive information on the system.


2) Information disclosure (CVE-ID: CVE-2023-1210)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can leak a user's email via an error message for groups that restrict membership by email domain.


3) Input validation error (CVE-ID: CVE-2023-4011)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of pagination while loading license data. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.


4) Improper access control (CVE-ID: CVE-2023-2022)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can create pipeline schedules on protected branches even if they do not have access to merge.


5) Input validation error (CVE-ID: CVE-2023-3900)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to invalid "start_sha" value on merge requests page. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.


6) Improper access control (CVE-ID: CVE-2023-3401)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the main branch of a repository with a specially designed name. A remote user can create repositories with malicious code.


7) Cross-site scripting (CVE-ID: CVE-2023-3500)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the PlantUML diagram. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


8) Information disclosure (CVE-ID: CVE-2023-4008)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to pages unique domain overwrite. A remote user can takeover GitLab Pages with unique domain URLs if the random string added is known.


9) Information disclosure (CVE-ID: CVE-2023-4002)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the "securityPolicyProjectAssign" mutation does not authorize security policy project ID. A remote user can link any security policy project by its ID to projects or groups the user has access to and reveal the security projects's configured security policies.


10) Stored cross-site scripting (CVE-ID: CVE-2023-2164)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the WebIDE beta. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


11) Information disclosure (CVE-ID: CVE-2023-3385)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to malicious tar.gz file upload using GitLab export functionality. A remote user can gain unauthorized access to sensitive information on the system.


12) Incorrect Regular Expression (CVE-ID: CVE-2023-0632)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions in Harbor Registry search. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


13) Incorrect Regular Expression (CVE-ID: CVE-2023-3364)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions within the AutolinkFilter in any Markdown fields. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


14) Incorrect Regular Expression (CVE-ID: CVE-2023-3994)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions within the ProjectReferenceFilter in any Markdown fields. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


15) Information disclosure (CVE-ID: CVE-2023-3932)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can run pipeline jobs as an arbitrary user via scheduled security scan policies.


Remediation

Install update from vendor's website.

References