Gitlab is a popular open source project for software development. It is commonly used for projects such as bug tracking, web content management, and also for corporate intranet usage. There are more than 35 million active installations of Gitlab in the wild. A DoS vulnerability was discovered in Gitlab that could be used to crash the website and cause outages in the affected systems. This vulnerability has been assigned the type ‘critical’ by Red Hat. It has been patched by the 15.2.2 version. A potential DoS vulnerability was discovered in Gitlab versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. The Gitlab server was vulnerable to a Denial-of-Service (DoS) attack. The DoS attack triggered high CPU usage of the Gitlab server, thereby crashing the Gitlab services. This could result in data loss and production outages for businesses using Gitlab for their projects.

Finding the Gitlab DoS Vulnerability

Gitlab has a search page for vulnerabilities. This article suggests that the vulnerability can be found by searching for CVE-2022-2908, which is the assigned CVE ID to this vulnerability. The search results show a couple of potential vulnerabilities that have been fixed in recent versions of Gitlab. This article also suggests that the vulnerability could be found in versions 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1 as they are vulnerable to high CPU usage DoS attacks due to a special crafted input added in the Commit message field of GitLab's server.

Summary of Gitlab Denial-of-Service vulnerability

This Denial-of-Service (DoS) vulnerability was discovered in Gitlab versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field which could result in data loss and production outages for businesses using Gitlab for their projects when exploited successfully by an attacker who could cause high CPU usage of the Gitlab servers causing them to crash and potentially data loss for the affected users and company's systems or data loss that is caused by deleting files on their system or destroying encrypted data or backups of the affected systems, such as following a successful attack where an attacker causes the Gitlab server to crash and stop responding to queries over HTTP/HTTPS or receiving other malicious responses from the server or having other malicious actions taken against them by the server, including but not limited to:

* The attacker creates dirty commits at low frequency with a high amount of disk space used
* The attacker makes commits that change ignored files
* The attacker creates many commits with small diffs resulting in large number of lines changed
* The attackers commits are invalid resulting in an error response

Research Methodology

First, the vulnerability was discovered in Gitlab. Then, a research team found that versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 were vulnerable to a Denial-of-Service (DoS) attack that resulted in high CPU usage of the Gitlab server and potential data loss and production outages for businesses using Gitlab for their projects

How to check Gitlab server version?

Gitlab Version 10.7 and earlier versions are vulnerable to a Denial-of-Service (DoS) attack. The DoS attack triggered high CPU usage of the Gitlab server, thereby crashing the Gitlab services. This could result in data loss and production outages for businesses using Gitlab for their projects.

Exploitation of the Gitlab DoS Vulnerability

Gitlab is a popular open source project for software development. It is commonly used for projects such as bug tracking, web content management, and also for corporate intranet usage.
A DoS vulnerability was discovered in Gitlab that could be used to crash the website and cause outages in the affected systems. This vulnerability has been assigned the type ‘critical’ by Red Hat. It has been patched by the 15.2.2 version.
A potential DoS vulnerability was discovered in Gitlab versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. The Gitlab server was vulnerable to a Denial-of-Service (DoS) attack that could result in data loss and production outages for businesses using Gitlab for their projects if exploited successfully

Timeline

Published on: 10/17/2022 16:15:00 UTC
Last modified on: 10/19/2022 17:29:00 UTC

References