ArchLinux: 202112-10: gitlab: multiple issues
Summary
- CVE-2021-39910 (content spoofing)
An issue has been discovered in GitLab before version 14.5.2. GitLab
was vulnerable to HTML Injection through the Swagger UI feature.
- CVE-2021-39915 (information disclosure)
Improper access control in the GraphQL API in GitLab before version
14.5.2 allows an attacker to see the names of project access tokens on
arbitrary projects.
- CVE-2021-39917 (denial of service)
An issue has been discovered in GitLab before version 14.5.2. A regular
expression related to quick actions features was susceptible to
catastrophic backtracking that could cause a denial of service attack.
- CVE-2021-39919 (information disclosure)
In all versions of GitLab before version 14.5.2, the reset password
token and new user email token are accidentally logged which may lead
to information disclosure.
- CVE-2021-39931 (access restriction bypass)
An issue has been discovered in GitLab before version 14.5.2. Under
specific conditions an unauthorised project member was allowed to delete
protected branches due to a business logic error.
- CVE-2021-39932 (denial of service)
An issue has been discovered in GitLab before version 14.5.2. Using
large payloads, the diff feature could be used to trigger high load
time for users reviewing code changes.
- CVE-2021-39933 (denial of service)
An issue has been discovered in GitLab before version 14.5.2. A regular
expression used for handling user input (notes, comments, etc.) was
susceptible to catastrophic backtracking that could cause a denial of
service attack.
- CVE-2021-39934 (information disclosure)
Improper access control allows any project member to retrieve the
service desk email address in GitLab before version 14.5.2.
- CVE-2021-39935 (access restriction bypass)
An issue has been discovered in GitLab before version 14.5.2.
Unauthorized external users could perform Server Side Requests via the
CI Lint API.
- CVE-2021-39936 (access restriction bypass)
Improper access control in GitLab before version 14.5.2 allows an
attacker in possession of a deploy token to access a project's disabled
wiki.
- CVE-2021-39937 (privilege escalation)
A collision in access memoization logic in all versions of GitLab
before version 14.5.2 leads to potential elevated privileges in groups
and projects under rare circumstances.
- CVE-2021-39938 (denial of service)
A vulnerable regular expression pattern in GitLab before version 14.5.2
allows an attacker to cause uncontrolled resource consumption leading
to Denial of Service via specially crafted deploy Slash commands.
- CVE-2021-39940 (denial of service)
An issue has been discovered in GitLab before version 14.5.2. GitLab
Maven Package registry is vulnerable to a regular expression denial of
service when a specifically crafted string is sent.
- CVE-2021-39941 (information disclosure)
An information disclosure vulnerability in GitLab before version 14.5.2
allowed non-project members to see the default branch name for projects
that restrict access to the repository to project members.
- CVE-2021-39944 (privilege escalation)
An issue has been discovered in GitLab before version 14.5.2. A
permissions validation flaw allowed group members with a developer role
to elevate their privilege to a maintainer on projects they import.
- CVE-2021-39945 (access restriction bypass)
Improper access control in the GitLab API affecting all versions before
version 14.5.2 allows an author of a Merge Request to approve the Merge
Request even after having their project access revoked.
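Four of the items above (CVE-2021-39917, CVE-2021-39933, CVE-2021-39938 and CVE-2021-39940) are the same bug class: a regular expression whose backtracking grows exponentially on crafted input, so a single request can pin a worker. The script below is an added example, not GitLab code and not the patterns GitLab shipped. It uses a constructed stand-in pattern ("words separated by single spaces", the kind of thing a quick-action parser might do) to show the cost growth, then the two mitigations a reviewer would ask for: an unambiguous rewrite that accepts exactly the same strings, and a length cap in front of the match. All names (AMBIGUOUS, LINEAR, MAX_INPUT_LEN, validate_quick_action_args) belong to this example.

```python
"""Added example (not GitLab code): why catastrophic backtracking is a
denial-of-service bug, and two mitigations for it.

The pattern is a constructed stand-in for a "words separated by single
spaces" matcher; it is not the regular expression GitLab actually shipped.
"""
import re
import time

# Ambiguous: a run of word characters can be split between iterations of
# the outer group in 2^(n-1) ways, and when the final `$` fails the engine
# tries every one of them before giving up.
AMBIGUOUS = re.compile(r"^(?:\w+\s?)*$")

# Same language, but unambiguous: each character has exactly one place it
# can be consumed, so a failing match backtracks only O(n) times.
LINEAR = re.compile(r"^(?:\w+(?:\s\w+)*\s?)?$")

# Second, independent safeguard: never hand unbounded attacker-controlled
# text to a regular expression. The limit is chosen for this example.
MAX_INPUT_LEN = 1000


def matches_ambiguous(text: str) -> bool:
    return AMBIGUOUS.match(text) is not None


def matches_linear(text: str) -> bool:
    return LINEAR.match(text) is not None


def validate_quick_action_args(text: str) -> bool:
    """Defensive entry point: length cap first, then the linear pattern."""
    if len(text) > MAX_INPUT_LEN:
        return False
    return matches_linear(text)


def time_failing_match(pattern: re.Pattern, n: int) -> float:
    """Seconds spent rejecting n word characters followed by a character the
    pattern cannot match; the '!' at the end forces the `$` anchor to fail
    only after the whole prefix has been consumed."""
    text = "a" * n + "!"    # constructed input
    start = time.perf_counter()
    assert pattern.match(text) is None
    return time.perf_counter() - start


if __name__ == "__main__":
    # Small n keeps the demo under a second; the ambiguous column roughly
    # doubles with every extra character, the linear one stays flat.
    for n in (10, 14, 18):
        print(f"n={n:2d}  ambiguous={time_failing_match(AMBIGUOUS, n):.4f}s"
              f"  linear={time_failing_match(LINEAR, n):.6f}s")
```

The two patterns agree on every input; only the rejection cost differs. Both safeguards are worth keeping: the rewrite fixes this pattern, the length cap limits the damage from the next pattern that nobody reviewed.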
Resolution
Upgrade to 14.5.2-1.
# pacman -Syu "gitlab>=14.5.2-1"
The problems have been fixed upstream in version 14.5.2.
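The pacman command above does the upgrade; when auditing many hosts it is also useful to classify an installed version without touching the package database. The following is an added example, not part of the advisory and not pacman code: it parses the Arch form [epoch:]pkgver-pkgrel and compares it numerically against 14.5.2-1, which matters because a plain string compare would rank 14.5.10 below 14.5.2. It assumes numeric dot-separated components (pacman's own vercmp also orders alphanumeric suffixes and remains the reference on a real host); the function names and the sample pacman -Q lines are this example's own.

```python
"""Added example, not from the advisory or from pacman: decide whether an
installed gitlab package is older than the fixed build 14.5.2-1.

Assumption: pkgver and pkgrel consist of numeric dot-separated components.
A pkgver such as 14.5.2rc1 raises ValueError rather than being misordered.
"""
from typing import Tuple

FIXED_VERSION = "14.5.2-1"    # fixed build named in the advisory

VersionKey = Tuple[int, Tuple[int, ...], Tuple[int, ...]]


def _numeric_parts(text: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in text.split("."))


def parse_arch_version(version: str) -> VersionKey:
    """Split "[epoch:]pkgver-pkgrel" into a tuple that compares numerically.

    A missing epoch counts as 0 and a missing pkgrel as the lowest release,
    so "14.5.2" sorts before "14.5.2-1".
    """
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    pkgrel: Tuple[int, ...] = ()
    if "-" in version:
        version, pkgrel_str = version.rsplit("-", 1)
        pkgrel = _numeric_parts(pkgrel_str)
    return (epoch, _numeric_parts(version), pkgrel)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    return parse_arch_version(installed) < parse_arch_version(fixed)


def check_pacman_query_line(line: str) -> str:
    """Classify one line of `pacman -Q gitlab` output, e.g. "gitlab 14.5.2-1"."""
    name, version = line.split()
    if name != "gitlab":
        raise ValueError(f"unexpected package {name!r}")
    return "vulnerable" if is_vulnerable(version) else "fixed"


if __name__ == "__main__":
    # Constructed sample output; not captured from a real host.
    for line in ("gitlab 14.4.2-1", "gitlab 14.5.2-1", "gitlab 14.5.10-1"):
        print(f"{line:24s} -> {check_pacman_query_line(line)}")
```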
References
https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
https://security.archlinux.org/CVE-2021-39910
https://security.archlinux.org/CVE-2021-39915
https://security.archlinux.org/CVE-2021-39917
https://security.archlinux.org/CVE-2021-39919
https://security.archlinux.org/CVE-2021-39931
https://security.archlinux.org/CVE-2021-39932
https://security.archlinux.org/CVE-2021-39933
https://security.archlinux.org/CVE-2021-39934
https://security.archlinux.org/CVE-2021-39935
https://security.archlinux.org/CVE-2021-39936
https://security.archlinux.org/CVE-2021-39937
https://security.archlinux.org/CVE-2021-39938
https://security.archlinux.org/CVE-2021-39940
https://security.archlinux.org/CVE-2021-39941
https://security.archlinux.org/CVE-2021-39944
https://security.archlinux.org/CVE-2021-39945
Workaround
None.