Rewterz

Rewterz Threat Advisory – Multiple GitLab Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-5207 CVSS:8.2

GitLab could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper neutralization of user-supplied input. By adding another project’s policy bot as a member to their own project, an attacker could exploit this vulnerability to trigger pipelines in the victim’s project.

CVE-2023-2233 CVSS:3.1

GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization in Sentry instance projects. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-3914 CVSS:5.4

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by a business logic error where a service account is not deleted when a namespace is deleted. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain access to internal projects.

CVE-2023-3920 CVSS:4.3

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and create a fork relationship between existing projects.

CVE-2023-3917 CVSS:4.3

GitLab is vulnerable to a denial of service, caused by a flaw in the accessing of protected variables. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause pipelines to fail, resulting in a denial of service.

CVE-2023-3922 CVSS:3.0

GitLab is vulnerable to a denial of service, caused by a clickjacking vulnerability in the math rendering in Markdown. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to hijack some links and buttons on the GitLab UI to a malicious page, resulting in a denial of service.

CVE-2023-4532 CVSS:4.3

GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization. By linking CI/CD jobs of private projects which they are not a member of to Machine Learning experiments, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-3115 CVSS:5.4

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by improper enforcement of Single Sign On restrictions for indirect project members accessing public members-only project repositories. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain access.

CVE-2023-4658 CVSS:3.1

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain “Allowed to push and merge” access to protected branches.

CVE-2023-0989 CVSS:4.3

GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the processing of CI/CD configuration of forks. By persuading a victim to visit a fork with a specially crafted CI/CD configuration, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-3413 CVSS:6.5

GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by the exposure of a resource to the wrong sphere. By forking a public project, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-4379 CVSS:8.1

GitLab could allow a remote attacker to bypass security restrictions, caused by insufficient control flow management. By sending a specially crafted merge request when the target branch is updated, an attacker could exploit this vulnerability to bypass code owners approval and change an MR’s base branch.

CVE-2023-3979 CVSS:3.1

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by improper access token revocation when removing a developer. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and continue editing the source code of a public project.

CVE-2023-3906 CVSS:3.5

GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by improper validation of user-supplied input. By sending a specially crafted request using a non-ASCII character in an asset URI, an attacker could exploit this vulnerability to bypass the asset proxy, and obtain sensitive information.

CVE-2023-5198 CVSS:4.3

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by improper revocation of deploy keys when project members are removed. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and write to protected branches.

Impact

  • Information Disclosure
  • Bypass Security
  • Gain Access
  • Code Execution

Indicators Of Compromise

CVE

  • CVE-2023-5207
  • CVE-2023-2233
  • CVE-2023-3914
  • CVE-2023-3920
  • CVE-2023-3917
  • CVE-2023-3922
  • CVE-2023-4532
  • CVE-2023-3115
  • CVE-2023-4658
  • CVE-2023-0989
  • CVE-2023-3413
  • CVE-2023-4379
  • CVE-2023-3979
  • CVE-2023-3906
  • CVE-2023-5197

Affected Vendors

GitLab

Affected Products

  • GitLab 16.4.0
  • GitLab 16.3.4
  • GitLab 16.2.7

Remediation

Refer to the GitLab website for patch, upgrade or suggested workaround information.

GitLab Website
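A triage check a defender can run against an instance to see whether its reported version is one of the releases listed under Affected Products above. This is an added example, not Rewterz's or GitLab's own tooling; it assumes the instance exposes the standard GET /api/v4/version endpoint (which requires a personal access token), and it treats any patch level at or below the listed release in the same minor line as affected, which is a triage assumption rather than a statement from the advisory.

```python
"""Compare a GitLab instance's version with the releases this advisory
lists as affected (16.4.0, 16.3.4, 16.2.7).

Added example, not Rewterz's or GitLab's own code. The "at or below the
listed patch level is affected" rule is an assumption for triage only.
"""
import json
from urllib.request import Request, urlopen

# Versions the advisory lists under "Affected Products".
AFFECTED = ("16.4.0", "16.3.4", "16.2.7")


def parse_version(text):
    """Turn '16.4.0' (or '16.4.0-ee') into a comparable (16, 4, 0) tuple."""
    core = text.split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return 'affected', 'patched' or 'unlisted' for one version string."""
    ver = parse_version(version_text)
    for listed in AFFECTED:
        lv = parse_version(listed)
        if ver[:2] == lv[:2]:  # same major.minor line as a listed release
            # Assumption: patch levels at or below the listed one are affected;
            # anything newer in that line is treated as carrying the fix.
            return "affected" if ver[2] <= lv[2] else "patched"
    # A minor line the advisory does not mention: check GitLab's notes manually.
    return "unlisted"


def fetch_version(base_url, token):
    """Ask a live instance for its version via GET /api/v4/version."""
    req = Request(f"{base_url.rstrip('/')}/api/v4/version",
                  headers={"PRIVATE-TOKEN": token})
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Constructed sample response so the script runs offline; for a real
    # check call fetch_version("https://gitlab.example.com", "<token>").
    sample = json.loads('{"version": "16.4.0", "revision": "abc123"}')
    print(sample["version"], "->", classify(sample["version"]))
```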