by setting the appropriate Restricted Access restriction. GitLab attempts to parse the job log from the received email and displays the parsed content to the user. Prior to these versions, the parsing of the job log content was handled by an external service called Mailgun, which is used to parse the email and extract the job log. As such, email parsing was not done by GitLab, which could have an impact on the parsing if an unhandled exception was thrown by the external service (in this case, Mailgun).



GitLab 15.4 prior to 15.4.1 and 15.3 prior to 15.3.4 are vulnerable to an unhandled exception in job log parsing in which an attacker can prevent access to the job logs by setting the appropriate Restricted Access restriction.

Impact

The only way to prevent access to job logs is by setting the appropriate Restricted Access restriction.

Workaround

The unhandled exception in job log parsing in GitLab 15.4 prior to 15.4.1 and 15.3 prior to 15.3.4 is not exploitable due to the above-mentioned unhandled exception.

1885 CVE-2018-14761 119 Overflow 2018-01-24 2018-04-14 ** DISPUTED ** An issue was discovered in the Graph API. We do not have sufficient information to make a conclusive assessment at this time.

1886 CVE-2018-14758 119 Overflow Mem


1887 CVE-2018-14757 119 Overflow Mem

Timeline

Published on: 10/17/2022 16:15:00 UTC
Last modified on: 10/20/2022 14:19:00 UTC

References