Rewterz Threat Advisory – Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-4011 CVSS:4.3

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service, caused by the lack of pagination while loading license data. By loading the Dependency List page, a remote authenticated attacker could exploit this vulnerability to cause a spike in resource consumption.

CVE-2023-2022 CVSS:4.3

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to create pipeline schedules on protected branches.

CVE-2023-3900 CVSS:4.3

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service. By using an invalid ‘start_sha’ value on the merge requests page, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-3401 CVSS:4.8

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions. By using a specially crafted name for the main branch of a repository, an attacker could exploit this vulnerability to create repositories with malicious code.

CVE-2023-3500 CVSS:4.8

GitLab Community Edition and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the PlantUML diagram to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-3993 CVSS:4.9

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in access tokens. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-4008 CVSS:5

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to take over GitLab Pages with unique domain URLs if the added random string was known.

CVE-2023-4002 CVSS:5.3

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by a failure to authorize the security policy project ID in the securityPolicyProjectAssign mutation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-2164 CVSS:5.4

GitLab Community Edition and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL in Web IDE Beta to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-0632 CVSS:6.5

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service, caused by a ReDoS flaw. By using crafted payloads to search Harbor Registry, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-3385 CVSS:6.3

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in GitLab export functionality. By uploading a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-3364 CVSS:7.5

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service, caused by a ReDoS flaw. By sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-3994 CVSS:7.5

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service, caused by a ReDoS flaw. By sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint, a remote attacker could exploit this vulnerability to cause a denial of service.
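For the two preview_markdown ReDoS issues above (CVE-2023-3364 and CVE-2023-3994), one detection approach is to look for repeated slow requests to that endpoint from a single source. The following is an added example, not part of the original advisory or of GitLab's code; it runs over constructed lines shaped like GitLab's production_json.log, and the thresholds are assumptions to tune against an instance's own baseline.

```python
import json
from collections import defaultdict

# Constructed sample lines in the shape of GitLab's production_json.log
# (keys used here: path, duration_s, remote_ip). Not real traffic.
SAMPLE_LOG = """\
{"method":"POST","path":"/grp/app/preview_markdown","action":"preview_markdown","status":200,"duration_s":0.08,"remote_ip":"198.51.100.7","username":"alice"}
{"method":"POST","path":"/grp/app/preview_markdown","action":"preview_markdown","status":500,"duration_s":58.9,"remote_ip":"203.0.113.40","username":null}
{"method":"GET","path":"/grp/app/-/merge_requests/12","action":"show","status":200,"duration_s":0.41,"remote_ip":"198.51.100.7","username":"alice"}
not-json line left by log rotation
{"method":"POST","path":"/grp/app/preview_markdown","action":"preview_markdown","status":500,"duration_s":60.2,"remote_ip":"203.0.113.40","username":null}
{"method":"POST","path":"/grp/lib/preview_markdown","action":"preview_markdown","status":200,"duration_s":6.3,"remote_ip":"198.51.100.9","username":"bob"}
"""

SLOW_SECONDS = 5.0   # assumed threshold; tune to the instance's normal preview latency
MIN_SLOW_HITS = 2    # assumed: repeated slow previews from one source warrant an alert


def slow_preview_sources(log_text, slow_s=SLOW_SECONDS, min_hits=MIN_SLOW_HITS):
    """Return {remote_ip: [durations]} for sources with repeated slow preview_markdown calls."""
    slow = defaultdict(list)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        path = event.get("path") or ""
        if not path.endswith("/preview_markdown"):
            continue  # only the endpoint named in the two ReDoS entries
        duration = event.get("duration_s")
        if isinstance(duration, (int, float)) and duration >= slow_s:
            slow[event.get("remote_ip", "unknown")].append(duration)
    # A single slow preview can be a large document; repeated ones are the signal.
    return {ip: hits for ip, hits in slow.items() if len(hits) >= min_hits}


if __name__ == "__main__":
    for ip, durations in slow_preview_sources(SAMPLE_LOG).items():
        print(f"{ip}: {len(durations)} slow preview_markdown requests, "
              f"max {max(durations):.1f}s")
```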

CVE-2023-1210 CVSS:3.1

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the error message for groups. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain a user’s email.

Impact

  • Denial of Service
  • Security Bypass
  • Cross-site Scripting
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-4011
  • CVE-2023-2022
  • CVE-2023-3900
  • CVE-2023-3401
  • CVE-2023-3500
  • CVE-2023-3993
  • CVE-2023-4008
  • CVE-2023-4002
  • CVE-2023-2164
  • CVE-2023-0632
  • CVE-2023-3385
  • CVE-2023-3364
  • CVE-2023-3994
  • CVE-2023-1210

Affected Vendors

GitLab

Affected Products

  • GitLab Enterprise Edition 16.1.2
  • GitLab Enterprise Edition 16.2.1
  • GitLab Community Edition 16.2.1
  • GitLab Community Edition 16.1.2

Remediation

Upgrade to the latest version of GitLab Community Edition and Enterprise Edition, available from the GitLab Website.
