ArchLinux: 202106-21: gitlab: multiple issues
Summary
- CVE-2021-22181 (denial of service)
A denial of service vulnerability in GitLab CE/EE affecting all
versions since 11.8 before 13.12.2 allows an attacker to create a
recursive pipeline relationship and exhaust resources.
- CVE-2021-22213 (information disclosure)
A cross-site leak vulnerability in the OAuth flow of all versions of
GitLab CE/EE since 7.10 before 13.12.2 allowed an attacker to leak an
OAuth access token by getting the victim to visit a malicious page with
Safari.
- CVE-2021-22214 (access restriction bypass)
When requests to the internal network for webhooks are enabled (the
outbound-requests setting in the Admin Area that allows web hooks and
services to reach the local network), a server-side request forgery
vulnerability in GitLab CE/EE affecting all versions starting from 10.5
before 13.12.2 could be exploited by an unauthenticated attacker, even on
a GitLab instance where registration is limited.
- CVE-2021-22216 (denial of service)
A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2 allows an attacker to cause uncontrolled resource
consumption with a very long issue or merge request description.
- CVE-2021-22217 (denial of service)
A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2 allows an attacker to cause uncontrolled resource
consumption with a specially crafted issue or merge request.
- CVE-2021-22218 (content spoofing)
All versions of GitLab CE/EE starting with 12.8 before 13.12.2 were
affected by an issue in the handling of X.509 certificates that could be
used to spoof the author of signed commits.
- CVE-2021-22219 (information disclosure)
GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege
user to obtain sensitive information from log files because the
sensitive information was not correctly registered for log masking.
- CVE-2021-22220 (cross-site scripting)
An issue has been discovered in GitLab affecting all versions starting
with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross-site
scripting (XSS) attack in the blob viewer of notebooks.
- CVE-2021-22221 (authentication bypass)
An issue has been discovered in GitLab affecting all versions starting
from 12.9.0 before 13.12.2. Insufficient expired password validation in
various operations allowed users to maintain limited access after their
password expired.
Resolution
Upgrade to 13.12.2-1.
# pacman -Syu "gitlab>=13.12.2-1"
The problems have been fixed upstream in version 13.12.2.
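The affected ranges above differ per CVE, so an instance that cannot be upgraded immediately is not necessarily exposed to all nine. The following triage helper is an added example for this advisory, not code from Arch or from GitLab: it takes an installed version string (the version column of `pacman -Q gitlab`, or a plain upstream version such as 13.11.4) and lists which CVEs from the Summary still apply, using the version ranges transcribed from the entries above. It assumes the version is of the form major.minor[.patch]; an Arch pkgrel suffix ("13.12.2-1") or an edition suffix ("13.12.1-ee") is ignored for the comparison.

```python
# Added example for this advisory (not part of the Arch advisory or of GitLab
# itself): report which of the CVEs listed above apply to a given GitLab
# version. The (since, before) ranges are transcribed from the Summary;
# since=None stands for "all versions before 13.12.2".
from typing import List, Optional, Tuple

FIXED_IN = "13.12.2"

# (CVE, impact, first affected version or None, first fixed version)
ADVISORY = [
    ("CVE-2021-22181", "denial of service", "11.8", FIXED_IN),
    ("CVE-2021-22213", "information disclosure", "7.10", FIXED_IN),
    ("CVE-2021-22214", "access restriction bypass", "10.5", FIXED_IN),
    ("CVE-2021-22216", "denial of service", None, FIXED_IN),
    ("CVE-2021-22217", "denial of service", None, FIXED_IN),
    ("CVE-2021-22218", "content spoofing", "12.8", FIXED_IN),
    ("CVE-2021-22219", "information disclosure", "9.5", FIXED_IN),
    ("CVE-2021-22220", "cross-site scripting", "13.10", FIXED_IN),
    ("CVE-2021-22221", "authentication bypass", "12.9.0", FIXED_IN),
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn "13.12.2-1", "13.11" or "13.12.1-ee" into a comparable
    (major, minor, patch) tuple. Missing components count as 0, so
    "since 11.8" is treated as 11.8.0 (assumption, matching how the
    advisory phrases its ranges)."""
    core = version.split("-", 1)[0]  # drop pkgrel / edition suffix
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {version!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def version_from_pacman(line: str) -> str:
    """Extract the version field from one line of `pacman -Q gitlab`
    output, e.g. "gitlab 13.12.2-1" -> "13.12.2-1"."""
    fields = line.split()
    if len(fields) != 2 or fields[0] != "gitlab":
        raise ValueError(f"not a pacman -Q gitlab line: {line!r}")
    return fields[1]


def is_affected(version: str, since: Optional[str], before: str) -> bool:
    """True when version lies in the half-open range [since, before);
    since=None means there is no lower bound."""
    v = parse_version(version)
    lower_ok = since is None or v >= parse_version(since)
    return lower_ok and v < parse_version(before)


def affecting(version: str) -> List[str]:
    """CVE identifiers from this advisory that apply to the given version,
    in the order the advisory lists them."""
    return [cve for cve, _impact, since, before in ADVISORY
            if is_affected(version, since, before)]


if __name__ == "__main__":
    import sys
    # Usage: python3 triage.py "$(pacman -Q gitlab)"  or  python3 triage.py 13.11.4
    for arg in sys.argv[1:] or ["13.11.4"]:
        v = version_from_pacman(arg) if arg.startswith("gitlab ") else arg
        hits = affecting(v)
        print(f"{v}: {'not affected' if not hits else ', '.join(hits)}")
```

Because the ranges are half-open, 13.12.2-1 itself reports no CVEs, while any 13.12.1 build reports all nine; a 13.9.x instance is exempt only from CVE-2021-22220, whose range starts at 13.10.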
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/300308
https://gitlab.com/gitlab-org/gitlab/-/issues/300709
https://gitlab.com/gitlab-org/gitlab/-/issues/297665
https://gitlab.com/gitlab-org/gitlab/-/issues/294128
https://security.archlinux.org/CVE-2021-22181
https://security.archlinux.org/CVE-2021-22213
https://security.archlinux.org/CVE-2021-22214
https://security.archlinux.org/CVE-2021-22216
https://security.archlinux.org/CVE-2021-22217
https://security.archlinux.org/CVE-2021-22218
https://security.archlinux.org/CVE-2021-22219
https://security.archlinux.org/CVE-2021-22220
https://security.archlinux.org/CVE-2021-22221
Workaround
None.