Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-6033 CVSS:8.7

GitLab Community and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-6396 CVSS:8.1

GitLab Community and Enterprise Edition could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper permission validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-3949 CVSS:5.3

GitLab Community and Enterprise Edition could allow a remote attacker to obtain sensitive information, caused by improper permission assignment. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain the release description in public projects, and use this information to launch further attacks against the affected system.

CVE-2023-5226 CVSS:4.8

GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially crafted request using the branch name, an attacker could exploit this vulnerability to manipulate repository content in the UI.

CVE-2023-5995 CVSS:4.4

GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request using the policy bot, an attacker could exploit this vulnerability to gain access to internal projects.

CVE-2023-4912 CVSS:4.3

GitLab Community and Enterprise Edition are vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted mermaid diagram input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-4317 CVSS:4.3

GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to update a pipeline schedule from an unprotected branch to a protected branch.

CVE-2023-3964 CVSS:4.3

GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to access composer packages on public projects.

CVE-2023-3443 CVSS:3.1

GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to add an emoji on confidential work items.

Impact

• Denial of Service
• Security Bypass
• Cross-Site Scripting
• Privileges Escalation
• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2023-6033
• CVE-2023-6396
• CVE-2023-3949
• CVE-2023-5226
• CVE-2023-5995
• CVE-2023-4912
• CVE-2023-4317
• CVE-2023-3964
• CVE-2023-3443

Affected Vendors

GitLab

Affected Products

• GitLab Enterprise Edition 16.5.0
• GitLab Community Edition 16.5.0
• GitLab Enterprise Edition 16.4.0
• GitLab Enterprise Edition 16.6.0
• GitLab Community Edition 16.4.0
• GitLab Community Edition 16.6.0

Remediation

Refer to GitLab Website for patch, upgrade or suggested workaround information.

GitLab Website