SB2023121418 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Published: December 14, 2023
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Improper Certificate Validation (CVE-ID: CVE-2023-6680)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an improper certificate validation issue in Smartcard authentication. On instances where Smartcard authentication is in use, a remote attacker who knows a user's public key can authenticate as that user.
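The general failure mode behind item 1 is an application that maps a presented client certificate to a user by its public key without first checking that the certificate was issued by the trusted smartcard CA. The following is an added example, not GitLab code and not a description of GitLab's internals: it builds a constructed CA, a genuine user certificate and a forged certificate that carries the genuine user's public key but is signed by an attacker-controlled key, then contrasts a naive public-key lookup with one that verifies issuer signature and validity period first. The user directory, names and the two lookup functions are hypothetical; it needs the `cryptography` package.

```python
"""Added example (not GitLab's code): map a smartcard client certificate to a
user only after verifying that the trusted CA issued it.

Assumptions (hypothetical): users are keyed by the DER SubjectPublicKeyInfo of
their enrolled certificate; naive_lookup models a lookup that trusts any
certificate presenting a known public key, verified_lookup the hardened one.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def issue_cert(subject_cn, subject_public_key, issuer_cn, issuer_private_key):
    """Build a certificate for subject_public_key signed by issuer_private_key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=365))
    )
    return builder.sign(issuer_private_key, hashes.SHA256())


def spki(cert):
    """DER SubjectPublicKeyInfo of the certificate, used as the directory key."""
    return cert.public_key().public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )


def _validity_utc(cert):
    """Return (not_before, not_after) as aware UTC datetimes across cryptography versions."""
    nvb = getattr(cert, "not_valid_before_utc", None)
    if nvb is None:  # cryptography < 42 exposes naive UTC datetimes
        nvb = cert.not_valid_before.replace(tzinfo=datetime.timezone.utc)
        nva = cert.not_valid_after.replace(tzinfo=datetime.timezone.utc)
    else:
        nva = cert.not_valid_after_utc
    return nvb, nva


def signed_by(cert, issuer_cert):
    """True iff cert names issuer_cert as issuer AND its signature verifies under issuer_cert's key."""
    if cert.issuer != issuer_cert.subject:
        return False
    try:
        issuer_cert.public_key().verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm),
        )
    except InvalidSignature:
        return False
    return True


def naive_lookup(cert, directory):
    """Vulnerable pattern: any certificate carrying a known public key logs that user in."""
    return directory.get(spki(cert))


def verified_lookup(cert, directory, trusted_ca_cert):
    """Hardened pattern: issuer signature and validity are checked before the public key is trusted."""
    if not signed_by(cert, trusted_ca_cert):
        return None
    not_before, not_after = _validity_utc(cert)
    now = datetime.datetime.now(datetime.timezone.utc)
    if not (not_before <= now <= not_after):
        return None
    return directory.get(spki(cert))


def demo():
    """Constructed scenario: a trusted CA, one enrolled user, and a forged certificate."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_cert = issue_cert("Corp Smartcard CA", ca_key.public_key(), "Corp Smartcard CA", ca_key)

    alice_key = ec.generate_private_key(ec.SECP256R1())
    alice_cert = issue_cert("alice", alice_key.public_key(), "Corp Smartcard CA", ca_key)
    directory = {spki(alice_cert): "alice"}  # constructed user directory

    # The attacker knows only alice's public key: wrap it in a certificate that
    # claims the corporate CA as issuer but is signed with the attacker's own key.
    mallory_key = ec.generate_private_key(ec.SECP256R1())
    forged = issue_cert("alice", alice_key.public_key(), "Corp Smartcard CA", mallory_key)

    return {
        "naive_genuine": naive_lookup(alice_cert, directory),
        "naive_forged": naive_lookup(forged, directory),
        "verified_genuine": verified_lookup(alice_cert, directory, ca_cert),
        "verified_forged": verified_lookup(forged, directory, ca_cert),
    }


if __name__ == "__main__":
    print(demo())
```

The naive lookup accepts both certificates as "alice"; the verified lookup accepts only the CA-issued one, even though the forged certificate names the same issuer and carries the same public key. A TLS handshake with client authentication proves possession of the private key on its own, so this pattern matters most when a TLS-terminating proxy hands the certificate to the application as data and the application does the mapping itself; in that deployment either the proxy must verify the chain and forward only verified certificates, or the application must perform the check shown here.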
2) Improper access control (CVE-ID: CVE-2023-6564)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists in projects that use subgroups to define who can push and/or merge to protected branches: there may have been instances in which subgroup members holding only the Developer role were able to push or merge to those protected branches.
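After patching, the check a practitioner wants for item 2 is an inventory of every protected-branch rule that grants push or merge rights to a group (so that subgroup membership and roles can be reviewed) or to a role below Maintainer. The following is an added example, not GitLab's code: it evaluates the JSON shape returned by the documented endpoint `GET /projects/:id/protected_branches` and runs offline over a constructed sample. The project id, base URL, token and the sample rules are assumptions; the access-level constants are the values GitLab uses in `access_level` fields.

```python
"""Added example (not GitLab's code): audit protected-branch rules for group
grants and low-role grants, using the JSON returned by
GET /api/v4/projects/:id/protected_branches.

The sample below is constructed; base_url, project_id and token are assumptions.
"""
import json
import urllib.request

# Access-level values used by GitLab in push_access_levels / merge_access_levels.
NO_ACCESS, DEVELOPER, MAINTAINER, ADMIN = 0, 30, 40, 60


def audit_protected_branches(protected_branches, min_role=MAINTAINER):
    """Return (branch_name, kind, reason) for grants worth reviewing.

    - any group grant (group_id set): membership of that group, including its
      subgroups and their roles, decides who may push/merge, so review it;
    - any role grant (no user, no group) below min_role, e.g. Developers.
    Per-user grants are left alone.
    """
    findings = []
    for branch in protected_branches:
        for kind in ("push_access_levels", "merge_access_levels"):
            for grant in branch.get(kind, []):
                if grant.get("group_id") is not None:
                    findings.append((branch["name"], kind, f"group:{grant['group_id']}"))
                elif grant.get("user_id") is None and grant.get("access_level", NO_ACCESS) < min_role:
                    findings.append((branch["name"], kind, f"role:{grant['access_level']}"))
    return findings


def fetch_protected_branches(base_url, project_id, token):
    """Live fetch (needs network and a token with read_api scope); not used by the offline demo."""
    req = urllib.request.Request(
        f"{base_url}/api/v4/projects/{project_id}/protected_branches",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample in the shape of the API response.
SAMPLE = json.loads("""
[
  {"id": 1, "name": "main",
   "push_access_levels": [
     {"id": 1, "access_level": 40, "access_level_description": "Maintainers",
      "user_id": null, "group_id": null}],
   "merge_access_levels": [
     {"id": 2, "access_level": 40, "access_level_description": "platform-team",
      "user_id": null, "group_id": 77}]},
  {"id": 2, "name": "release/*",
   "push_access_levels": [
     {"id": 3, "access_level": 30, "access_level_description": "Developers + Maintainers",
      "user_id": null, "group_id": null}],
   "merge_access_levels": [
     {"id": 4, "access_level": 40, "access_level_description": "Maintainers",
      "user_id": null, "group_id": null}]}
]
""")


def demo():
    return audit_protected_branches(SAMPLE)


if __name__ == "__main__":
    for branch, kind, reason in demo():
        print(f"{branch:12} {kind:20} {reason}")
```

On the sample this reports the group grant on `main` (merge rights delegated to group 77) and the Developer-level push grant on `release/*`; for a real project, iterate over the instance's projects with `fetch_protected_branches` and compare the group findings against the subgroup members and roles that are actually expected to push or merge.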
3) Improper access control (CVE-ID: CVE-2023-6051)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists because the GitLab web interface does not ensure the integrity of information when the source code is downloaded from installation packages or tags. A remote user can compromise the file integrity of the downloaded source.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-3907)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions. A remote administrator can use a Project Access Token to escalate their role to Owner.
5) Security features bypass (CVE-ID: CVE-2023-5512)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the omission of double encoding in file names, which facilitates the creation of repositories with malicious content. A remote user can choose specific HTML encoding for file names so that they are represented incorrectly in the UI.
6) Input validation error (CVE-ID: CVE-2023-3904)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the timeSpent value is not validated, which can make the issues on an Issue board impossible to load. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
7) Improper access control (CVE-ID: CVE-2023-5061)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can override predefined CI variables via the REST API.
8) Improper access control (CVE-ID: CVE-2023-3511)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote administrator can fork and submit merge requests to private projects they are not a member of.
Remediation
Install the update from the vendor's website.