CVE-2022-1190, a significant security vulnerability, has been discovered in GitLab CE/EE (Community Edition and Enterprise Edition) software. The vulnerability existed due to incorrect handling of user input and has impacted GitLab CE/EE versions 8.3 through 14.7.7, 14.8 through 14.8.5, and 14.9 through 14.9.2. An attacker could exploit this vulnerability to perform stored XSS attacks, which could then lead to unwanted actions on behalf of the user. This post illustrates the details of the vulnerability, code snippets, links to original references, and guidance on how to address it.
Vulnerability Details
The stored XSS (Cross-Site Scripting) vulnerability in GitLab mainly concerns the improper handling of user input within the milestone references. In the affected versions of GitLab, it is possible for an attacker to inject malicious scripts into multi-word milestone references of issue descriptions, comments, and other places within GitLab. When another GitLab user views these issue descriptions, comments, or related information, the attacker's script could execute in the user's browser.
A successful exploit of this vulnerability could allow the attacker to perform actions on behalf of the affected user, steal sensitive information, or even gain unauthorized access to the GitLab application.
Here's an example of a simple exploit using the milestone reference
%20%27%3E%3Cscript%3Ealert%28%27XSS%20vulnerability%20exploited%27%29%3C%2Fscript%3E%20
The attacker would insert the encoded script inside a milestone reference while creating or editing an issue or comment:
%Milestone<SPACE>'><script>alert('XSS vulnerability exploited')</script><SPACE>%
When other users view this issue or comment, the stored XSS attack executes the script.
GitLab has published an advisory with information about this vulnerability
For more information and technical details, please refer to the following sources
- CVE-2022-1190 - NIST National Vulnerability Database
- CVE-2022-1190 - MITRE CVE Database
Exploit and Mitigation
If you are running an affected version of GitLab CE/EE, the most effective way to address this vulnerability is to update your GitLab installation to a version with the latest security fixes. GitLab has released patches for this vulnerability in versions 14.7.7, 14.8.5, and 14.9.2. To protect your GitLab instance, follow the update instructions in the GitLab Update Documentation.
If updating immediately is not an option, consider implementing input validation or sanitization within the milestone references to prevent the execution of malicious scripts. However, updating your GitLab installation is strongly recommended for comprehensive protection against this vulnerability and other security issues.
Conclusion
CVE-2022-1190 is a serious security vulnerability discovered in GitLab CE/EE, potentially allowing attackers to perform stored XSS attacks through multi-word milestone references. To safeguard your GitLab instance and user data, it is crucial to keep your GitLab installation up to date with the latest security patches. Be sure to review and follow GitLab's security advisories and best practices to ensure the security and integrity of your GitLab installation.
Timeline
Published on: 04/04/2022 20:15:00 UTC
Last modified on: 04/11/2022 13:43:00 UTC