Vulnerabilities

Researchers Found Multiple Critical Security Vulnerabilities in GitLab

This week, GitLab has rolled-out numerous updated versions addressing critical security flaws. All these critical vulnerabilities in GitLab belonged to different categories and targeted different versions. While GitLab has not revealed much detail yet, it highly recommends the users to update their systems.

Multiple Vulnerabilities Discovered In GitLab

Researchers found multiple vulnerabilities in GitLab. The popular DevOps platform confirmed the existence of these critical flaws. As revealed, the firm has addressed three different vulnerabilities in the software.

The first of these vulnerabilities could allow an adversary to view internal resources when accessing the Grafana dashboard via hard-coded credentials. The vulnerability reported by Michael Gernoth has received CVE ID CVE-2019-14943. It affected the GitLab CE/EE versions 12.0 and later.

The second problem existed due to “Improper parameter sanitization on Gitaly”. Assigned as CVE-2019-14944, the flaw could give rise to numerous remote code execution and privilege escalation vulnerabilities. This problem affected GitLab CE/EE versions 10.0 and later.

GitLab has credited William Bowling (vakzz) for reporting this flaw. It also seems that this vulnerability made the researcher win a bounty of $12,000, as visible on his HackerOne account.

Another major security problem, CVE-2019-14942, targeted GitLab CE/EE versions 11.5 and later. Regarding this vulnerability, GitLab stated in the advisory,

Authentication cookies on GitLab Pages with Access Control could be sent over HTTP and weren’t properly encrypted, which made them vulnerable to Man-In-The-Middle attacks.

GitLab Patched The Security Flaws

Fortunately, GitLab has already patched all the three security flaws before any exploitation occurred. Regarding the fix for CVE-2019-14943, GitLab elaborated,

Basic authentication and hard-coded admin credentials are now disabled by default in the bundled Grafana instance as part of the Omnibus-based GitLab packages. This change forces GitLab SSO to be the only authentication method, creates a backup of existing data, and resets the Grafana configuration to the GitLab default.

The patched versions include GitLab Community Edition (CE) and Enterprise Edition (EE) versions 12.1.6, 12.0.6, and 11.11.8 respectively.

For now, GitLab has committed to publicly disclosing the vulnerability details in about one month. However, users must ensure they update their systems immediately with the patched versions to ensure they are protected.

Take your time to comment on this article.

You Might Also Like