Arch Linux Security Advisory ASA-202106-21
=========================================
Severity: High
Date    : 2021-06-09
CVE-ID  : CVE-2021-22181 CVE-2021-22213 CVE-2021-22214 CVE-2021-22216
          CVE-2021-22217 CVE-2021-22218 CVE-2021-22219 CVE-2021-22220
          CVE-2021-22221
Package : gitlab
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2023

Summary
======
The package gitlab before version 13.12.2-1 is vulnerable to multiple
issues including denial of service, information disclosure, access
restriction bypass, authentication bypass, cross-site scripting and
content spoofing.

Resolution
=========
Upgrade to 13.12.2-1.

# pacman -Syu "gitlab>=13.12.2-1"

The problems have been fixed upstream in version 13.12.2.

Workaround
=========
None.

Description
==========
- CVE-2021-22181 (denial of service)

A denial of service vulnerability in GitLab CE/EE affecting all
versions since 11.8 before 13.12.2 allows an attacker to create a
recursive pipeline relationship and exhaust resources.

- CVE-2021-22213 (information disclosure)

A cross-site leak vulnerability in the OAuth flow of all versions of
GitLab CE/EE since 7.10 before 13.12.2 allowed an attacker to leak an
OAuth access token by getting the victim to visit a malicious page with
Safari.

- CVE-2021-22214 (access restriction bypass)

When requests to the internal network for webhooks are enabled, a
server-side request forgery vulnerability in GitLab CE/EE affecting all
versions starting from 10.5 before 13.12.2 could be exploited by an
unauthenticated attacker even on a GitLab instance where registration
is limited.

- CVE-2021-22216 (denial of service)

A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2 allows an attacker to cause uncontrolled resource
consumption with a very long issue or merge request description.

- CVE-2021-22217 (denial of service)

A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2 allows an attacker to cause uncontrolled resource
consumption with a specially crafted issue or merge request.

- CVE-2021-22218 (content spoofing)

All versions of GitLab CE/EE starting with 12.8 before 13.12.2 were
affected by an issue in the handling of x509 certificates that could be
used to spoof the author of signed commits.

- CVE-2021-22219 (information disclosure)

GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege
user to obtain sensitive information from log files because the
sensitive information was not correctly registered for log masking.

- CVE-2021-22220 (cross-site scripting)

An issue has been discovered in GitLab affecting all versions starting
with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross-site
scripting (XSS) attack in the blob viewer of notebooks.

- CVE-2021-22221 (authentication bypass)

An issue has been discovered in GitLab affecting all versions starting
from 12.9.0 before 13.12.2. Insufficient expired password validation in
various operations allowed users to maintain limited access after their
password expired.
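Each entry above gives its own lower bound, so an instance that is not yet on 13.12.2 may be exposed to a subset of the nine issues. The following script is an added example, not part of the Arch advisory: it maps an installed gitlab version onto the affected ranges listed in the Description (CVE-2021-22216 and CVE-2021-22217 state no lower bound, so 0 is used). It assumes a `sort` that understands `-V` (GNU or BSD coreutils) and strips an Arch pkgrel suffix such as `-1` before comparing.

```shell
#!/bin/sh
# Added example, not from the advisory: which CVEs in ASA-202106-21 apply
# to a given gitlab version, using the "since X before 13.12.2" ranges.

# version_ge A B: succeeds when A >= B for dotted numeric versions.
version_ge() {
    # Drop an Arch pkgrel suffix so "13.12.2-1" compares as "13.12.2".
    a=${1%%-*}; b=${2%%-*}
    [ "$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)" = "$b" ]
}

# affected_cves VERSION: print, one per line, the CVEs whose range
# (lower bound inclusive, fixed version 13.12.2 exclusive) holds VERSION.
affected_cves() {
    v=$1
    fixed=13.12.2
    # CVE and lower bound, as stated in the Description section.
    printf '%s\n' \
        'CVE-2021-22181 11.8' \
        'CVE-2021-22213 7.10' \
        'CVE-2021-22214 10.5' \
        'CVE-2021-22216 0' \
        'CVE-2021-22217 0' \
        'CVE-2021-22218 12.8' \
        'CVE-2021-22219 9.5' \
        'CVE-2021-22220 13.10' \
        'CVE-2021-22221 12.9.0' |
    while read -r cve lower; do
        if version_ge "$v" "$lower" && ! version_ge "$v" "$fixed"; then
            printf '%s\n' "$cve"
        fi
    done
}

# On an Arch host: affected_cves "$(pacman -Q gitlab | cut -d' ' -f2)".
# A constructed version is used here so the script runs anywhere.
affected_cves 13.11.4
```

An empty result means the installed version is at or past the fixed release; anything printed is the list to triage until the upgrade in the Resolution section is applied.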

Impact
=====
A remote attacker could disclose sensitive information, bypass
authentication, execute JavaScript code using cross-site scripting,
spoof content or crash the GitLab server.

References
=========
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/300308
https://hackerone.com/users/sign_in
https://hackerone.com/users/sign_in
https://gitlab.com/gitlab-org/gitlab/-/issues/300709
https://hackerone.com/users/sign_in
https://gitlab.com/gitlab-org/gitlab/-/issues/297665
https://hackerone.com/users/sign_in
https://gitlab.com/gitlab-org/gitlab/-/issues/294128
https://hackerone.com/users/sign_in
https://security.archlinux.org/CVE-2021-22181
https://security.archlinux.org/CVE-2021-22213
https://security.archlinux.org/CVE-2021-22214
https://security.archlinux.org/CVE-2021-22216
https://security.archlinux.org/CVE-2021-22217
https://security.archlinux.org/CVE-2021-22218
https://security.archlinux.org/CVE-2021-22219
https://security.archlinux.org/CVE-2021-22220
https://security.archlinux.org/CVE-2021-22221
