GitLab Patches XSS Vulnerability That Lets Attackers Execute Arbitrary Scripts
GitLab has released new Community Edition (CE) and Enterprise Edition (EE) versions to address several vulnerabilities.
Among them, a high-severity cross-site scripting (XSS) vulnerability has drawn particular attention because it allows an attacker to execute arbitrary scripts in the browser context of a logged-in user.
Summary of the Change
On July 25, 2024, GitLab announced the release of versions 17.2.1, 17.1.3, and 17.0.5 for both CE and EE. These updates contain important bug and security fixes, and GitLab strongly recommends that all installations be upgraded immediately.
GitLab ships vulnerability fixes through two kinds of patch releases: scheduled patch releases and ad-hoc critical patches for high-severity vulnerabilities. GitLab.com is already running the patched version.
Security Fixes
XSS via the Maven Dependency Proxy
A cross-site scripting vulnerability in GitLab CE/EE, affecting versions from 16.6 before 17.0.5, 17.1 before 17.1.3, and 17.2 before 17.2.1, allows an attacker to execute arbitrary scripts in the context of the currently logged-in user.
GitLab team member Joern Schneeweisz discovered this high-severity issue (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N, 7.7) internally.
CVE-2024-5067 – Project-Level Analytics Settings Leaked in DOM
An issue in GitLab EE affecting versions 16.11 before 17.0.5, 17.1 before 17.1.3, and 17.2 before 17.2.1 could leak certain project-level analytics settings in the DOM to group members with the Developer role or higher.
This medium-severity issue (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N, 4.4) is now mitigated in the latest release and is assigned CVE-2024-5067.
Thanks to yvvdwf and zebraman for reporting this vulnerability through GitLab’s HackerOne bug bounty program.
CVE-2024-7057 – Guests Can Access and Download Job Artifacts Despite Settings Meant to Prevent It
An information disclosure vulnerability in GitLab CE/EE, affecting versions from 16.7 before 17.0.5, 17.1 before 17.1.3, and 17.2 before 17.2.1, allowed job artifacts to be exposed to unauthorized users.
This medium-severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, 4.3) is now mitigated and is assigned CVE-2024-7057. Thanks to ricardobrito for reporting this vulnerability through GitLab’s HackerOne bug bounty program.
Direct Transfer – Authorized Project/Group Exports Accessible to Other Users
An issue in GitLab CE/EE, affecting versions from 15.6 before 17.0.5, 17.1 before 17.1.3, and 17.2 before 17.2.1, allowed restricted information from an exported group or project to be disclosed to another user.
GitLab team member James Nutt discovered this medium-severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N, 4.1) internally.
CVE-2024-0231 – Bypassing Push Check and Branch Check Through Imports
A resource misdirection vulnerability in GitLab CE/EE, affecting versions from 12.0 before 17.0.5, 17.1 before 17.1.3, and 17.2 before 17.2.1, allowed an attacker to craft a repository import that misdirects commits.
This low-severity issue (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N, 2.7) is now mitigated and is assigned CVE-2024-0231.
Thanks to aaron_dewes for reporting this vulnerability through GitLab’s HackerOne bug bounty program.
Project Import/Export – Make Project/Group Export Files Hidden to Everyone Except the User Who Initiated Them
An information disclosure vulnerability in GitLab CE/EE project/group exports, affecting versions from 15.4 before 17.0.5, 17.1 before 17.1.3, and 17.2 before 17.2.1, allowed unauthorized users to view the resulting export.
GitLab team member Martin Wortschack discovered this low-severity issue (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N, 2.6) internally.
GitLab strongly recommends that all installations running affected versions be upgraded to the latest version immediately. This applies to all deployment types, including Omnibus, source installations, and the Helm chart.
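Because the six fixes have different lower bounds (12.0, 15.4, 15.6, 16.6, 16.7, 16.11) but share the same patched versions, working out which ones apply to a given self-managed instance is easy to get wrong by eye. The script below is an added example written for this page, not GitLab's own tooling; it encodes the affected ranges exactly as stated in the advisory above and reports, for a version string such as the one returned by GitLab's `GET /api/v4/version` endpoint, which fixes that instance is still missing. The sample version strings in `main` are constructed for illustration.

```python
"""Map a GitLab version string to the fixes from the 17.2.1/17.1.3/17.0.5
patch release that still apply to it. Added example, not GitLab code."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Patched release per 17.x branch, as listed in the advisory. Every fix in
# this release shares these upper bounds.
PATCHED: Dict[Tuple[int, int], Version] = {
    (17, 0): (17, 0, 5),
    (17, 1): (17, 1, 3),
    (17, 2): (17, 2, 1),
}

# (description, first affected minor release) for each fix in the advisory.
FIXES: List[Tuple[str, Version]] = [
    ("XSS via the Maven Dependency Proxy (high, 7.7)", (16, 6)),
    ("CVE-2024-5067 analytics settings leaked in DOM (EE only, 4.4)", (16, 11)),
    ("CVE-2024-7057 guests can download job artifacts (4.3)", (16, 7)),
    ("Direct Transfer exports accessible to other users (4.1)", (15, 6)),
    ("CVE-2024-0231 push/branch check bypass through imports (2.7)", (12, 0)),
    ("Project/group export files visible to other users (2.6)", (15, 4)),
]


def parse_version(s: str) -> Version:
    """'17.1.2-ee' -> (17, 1, 2). Edition suffix and build metadata are dropped."""
    core = s.strip().split("-")[0].split("+")[0]
    parts = tuple(int(p) for p in core.split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected GitLab version string: {s!r}")
    return parts


def is_affected(version: Version, first_affected: Version) -> bool:
    """True if version lies in [first_affected, patched release of its branch).

    Branches before 17.0 have no patched release in this advisory, so any such
    version at or after first_affected is affected. Branches after 17.2 did
    not exist when the fix shipped and are treated as containing it.
    """
    if version < first_affected:
        return False
    branch = version[:2]
    patched = PATCHED.get(branch)
    if patched is None:
        return branch < (17, 0)
    return version < patched


def applicable_fixes(version_string: str) -> List[str]:
    """Return the descriptions of every fix the given version is missing."""
    v = parse_version(version_string)
    return [desc for desc, first in FIXES if is_affected(v, first)]


def main() -> None:
    # Constructed sample inputs; in practice feed the "version" field of
    # GET /api/v4/version from the instance being assessed.
    for sample in ("17.2.0-ee", "16.8.0", "15.5.0", "17.2.1-ee"):
        missing = applicable_fixes(sample)
        print(f"{sample}: {len(missing)} fix(es) missing")
        for desc in missing:
            print(f"  - {desc}")


if __name__ == "__main__":
    main()
```

The comparison deliberately works on integer tuples rather than string prefixes, so that 16.10 is correctly ordered after 16.6 and 17.0.5 is not mistaken for a version below 17.0.4.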
Source credit: cybersecuritynews.com