causing the application to crash and possibly giving attackers the ability to take over the server. This vulnerability has been assigned the identifier CVE-2018-16392. It applies only to installations running the latest versions of GitLab, such as GitLab EE/CE from 15.1.5 up to 15.2.3. In versions of GitLab older than 15.2.3 and 15.3, the import from GitHub API endpoint is not enabled by default. To exploit this issue, an attacker needs a GitLab server account and the ability to deploy malicious code into GitLab. GitLab uses the import from GitHub API endpoint to import code from GitHub into its package repository. The endpoint is accessible to all GitLab users, so it’s possible for any user to exploit this vulnerability. The only requirements for a successful attack are:

- A GitLab server account
- Malicious code to place into GitLab's package repository

Summary

A vulnerability was discovered in GitLab that could allow an attacker to take over the application and cause it to crash. It applies only to installations running the latest versions of GitLab, such as GitLab EE/CE from 15.1.5 up to 15.2.3, and is present on a server where the user has permission to deploy malicious code into the package repository. An attacker who can get their hands on this code can take over the server, and the attack is only possible if there are no encryption or authentication mechanisms in place on that system.

Analysis

GitLab uses the import from GitHub endpoint to import code from GitHub into its package repository. This endpoint is accessible to all GitLab users, so it’s possible for any user to exploit this vulnerability. The only requirements for a successful attack are:

- Malicious code to place into GitLab's package repository
- A GitLab server account

In versions of GitLab older than 15.2.3 and 15.3, the import from GitHub API endpoint is not enabled by default. To exploit this issue, an attacker needs a GitLab server account and the ability to deploy malicious code into GitLab.

Description

This entry describes a vulnerability in GitLab that can allow attackers to take over a server. It applies only to installations using the latest versions of GitLab, such as GitLab EE/CE from 15.1.5 up to 15.2.3, and earlier versions of GitLab older than 15.2.3 and 15.3, as well as installations where the import from GitHub API endpoint is available to all users (not just administrators). If an attacker has malicious code to place into GitLab's package repository, they can gain control of the server and cause it to crash, which would give them access to the server's secrets and provide them with privileges on it.

Timeline

Published on: 10/17/2022 16:15:00 UTC
Last modified on: 10/19/2022 17:48:00 UTC

References