Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Arch Linux ASA-202106-21 High Severity: GitLab Multiple Issues Advisory

Archlinux Large Esm H446
The package gitlab before version 13.12.2-1 is vulnerable to multiple issues including denial of service, information disclosure, access restriction bypass, authentication bypass, cross-site scripting and content spoofing.
Arch Linux Security Advisory ASA-202106-21
=========================================
Severity: High
Date    : 2021-06-09
CVE-ID  : CVE-2021-22181 CVE-2021-22213 CVE-2021-22214 CVE-2021-22216
          CVE-2021-22217 CVE-2021-22218 CVE-2021-22219 CVE-2021-22220
          CVE-2021-22221
Package : gitlab
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2023

Summary
======
The package gitlab before version 13.12.2-1 is vulnerable to multiple
issues including denial of service, information disclosure, access
restriction bypass, authentication bypass, cross-site scripting and
content spoofing.

Resolution
=========
Upgrade to 13.12.2-1.

# pacman -Syu "gitlab>=13.12.2-1"

The problems have been fixed upstream in version 13.12.2.

Workaround
=========
None.

Description
==========
- CVE-2021-22181 (denial of service)

A denial of service vulnerability in GitLab CE/EE affecting all
versions since 11.8 before 13.12.2 allows an attacker to create a
recursive pipeline relationship and exhaust resources.

- CVE-2021-22213 (information disclosure)

A cross-site leak vulnerability in the OAuth flow of all versions of
GitLab CE/EE since 7.10 before 13.12.2 allowed an attacker to leak an
OAuth access token by getting the victim to visit a malicious page with
Safari.

- CVE-2021-22214 (access restriction bypass)

When requests to the internal network for webhooks are enabled, a
server-side request forgery vulnerability in GitLab CE/EE affecting all
versions starting from 10.5 before 13.12.2 was possible to exploit for
an unauthenticated attacker even on a GitLab instance where
registration is limited.

- CVE-2021-22216 (denial of service)

A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2 allows an attacker to cause uncontrolled resource
consumption with a very long issue or merge request description.

- CVE-2021-22217 (denial of service)

A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2 allows an attacker to cause uncontrolled resource
consumption with a specially crafted issue or merge request.

- CVE-2021-22218 (content spoofing)

All versions of GitLab CE/EE starting with 12.8 before 13.12.2 were
affected by an issue in the handling of x509 certificates that could be
used to spoof author of signed commits.

- CVE-2021-22219 (information disclosure)

GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege
user to obtain sensitive information from log files because the
sensitive information was not correctly registered for log masking.

- CVE-2021-22220 (cross-site scripting)

An issue has been discovered in GitLab affecting all versions starting
with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross-site
scripting (XSS) attack in the blob viewer of notebooks.

- CVE-2021-22221 (authentication bypass)

An issue has been discovered in GitLab affecting all versions starting
from 12.9.0 before 13.12.2. Insufficient expired password validation in
various operations allowed users to maintain limited access after their
password expired.

Impact
=====
A remote attacker could disclose sensitive information, bypass
authentication, execute JavaScript code using cross-site scripting,
spoof content or crash the GitLab server.

References
=========
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/300308


https://gitlab.com/gitlab-org/gitlab/-/issues/300709

https://gitlab.com/gitlab-org/gitlab/-/issues/297665

https://gitlab.com/gitlab-org/gitlab/-/issues/294128

https://security.archlinux.org/CVE-2021-22181
https://security.archlinux.org/CVE-2021-22213
https://security.archlinux.org/CVE-2021-22214
https://security.archlinux.org/CVE-2021-22216
https://security.archlinux.org/CVE-2021-22217
https://security.archlinux.org/CVE-2021-22218
https://security.archlinux.org/CVE-2021-22219
https://security.archlinux.org/CVE-2021-22220
https://security.archlinux.org/CVE-2021-22221