A new vulnerability has been reported in GitLab EE, with the identifier CVE-2022-4092. This critical issue affects all GitLab EE versions starting from 15.6, up to and including 15.6. The issue stems from improper neutralization of user-supplied input in the README page, allowing attackers to create malicious README pages that could potentially lead to remote code execution. The GitLab team has addressed this vulnerability in version 15.6.1.

Vulnerability Details

CVE-2022-4092 is a serious vulnerability that affects the GitLab EE platform. The root cause of the issue is improper neutralization of user-supplied input when rendering the README pages, which could allow an attacker to craft a malicious page that includes embedded code for remote execution.

Exploit Details

An attacker could exploit this vulnerability by crafting a malicious README page that includes embedded remote code, which will be executed when the user or the system processes the page. This could allow the attacker to execute arbitrary code on the affected GitLab EE instance, potentially leading to a full compromise of the system.

Here is an example of a malicious README page with embedded code:

# Vulnerable GitLab EE README page
---
<div onmouseover="javascript:alert('Remote code executed!');" style="position:absolute;width:100%;height:100%;left:;top:"> </div>
---

In this example, the embedded JavaScript code is triggered by a mouseover event on a transparent div element, which spans the entire page. When a user hovers over any part of the page, the code will be executed, potentially compromising the system.
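The root cause described above, user-supplied README markup reaching the page without being neutralized, is easiest to see next to the fix. The following Python is an added example written for this page and is not GitLab's code: `render_unsafe` inserts README HTML into the page verbatim, while `sanitize` rebuilds the markup from a tag and attribute allowlist using the standard library's `HTMLParser`, dropping every `on*` event handler, inline styles, the contents of script and style elements, and link targets that are not plain http(s), mailto or relative URLs. The allowlists, the `_safe_url` helper and `SAMPLE_README` are constructed for this example; a production renderer should rely on a maintained sanitizer library rather than a hand-rolled one.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlists for the example; real renderers ship larger, maintained lists.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "code", "pre", "a", "ul", "ol",
                "li", "h1", "h2", "h3", "br", "div"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "div": {"class"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/", "#")
VOID_TAGS = {"br"}
RAW_TEXT_TAGS = {"script", "style"}  # their contents are dropped, not just the tags


def render_unsafe(readme_html: str) -> str:
    """The vulnerable pattern: user-supplied markup is placed in the page as-is."""
    return f"<article>{readme_html}</article>"


def _safe_url(url: str) -> bool:
    """Reject javascript:, data: and similar schemes, including ones padded with
    whitespace or control characters to slip past a naive prefix check."""
    cleaned = "".join(ch for ch in url if ch.isprintable() and not ch.isspace()).lower()
    return cleaned.startswith(SAFE_URL_PREFIXES)


class _AllowlistSanitizer(HTMLParser):
    """Re-serialises only allowlisted tags and attributes; everything else is dropped."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._in_raw = False

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self._in_raw = True
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its text content still flows through as text
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                continue  # inline event handlers such as onmouseover are never allowed
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # style, id and anything else not explicitly listed
            if name == "href" and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self._in_raw = False
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._in_raw:
            self.out.append(escape(data))  # text is always re-escaped on output

    def handle_comment(self, data):
        pass  # comments, including conditional comments, are dropped


def sanitize(readme_html: str) -> str:
    """Neutralize user-supplied README markup before it reaches the page."""
    parser = _AllowlistSanitizer()
    parser.feed(readme_html)
    parser.close()
    return "".join(parser.out)


def render_safe(readme_html: str) -> str:
    """The hardened pattern: only sanitized markup is placed in the page."""
    return f"<article>{sanitize(readme_html)}</article>"


# Constructed sample README mirroring the hover-triggered div shown above,
# plus one unsafe and one ordinary link to exercise the href check.
SAMPLE_README = (
    "<h1>Vulnerable GitLab EE README page</h1>\n"
    "<div onmouseover=\"javascript:alert('Remote code executed!');\" "
    'style="position:absolute;width:100%;height:100%;left:0;top:0"> </div>\n'
    '<a href="javascript:void(0)">docs</a> '
    '<a href="https://example.com/docs">real docs</a>'
)

if __name__ == "__main__":
    print("UNSAFE:", render_unsafe(SAMPLE_README))
    print("SAFE:  ", render_safe(SAMPLE_README))
```

Running the block prints both renderings: the unsafe one still carries the `onmouseover` handler, while the sanitized one keeps the heading, an empty `div` and the https link, with the handler, inline style and `javascript:` target gone.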

Impact

With the ability to execute arbitrary code on the GitLab EE instance, an attacker could perform various malicious activities, such as:

Resolution & Mitigation

The GitLab team has addressed this vulnerability with the release of version 15.6.1. It is highly recommended that users upgrade their GitLab EE instances to this version or a newer one to protect against this threat. Additionally, users are advised to follow best practices for securing their GitLab instances, including:

Original References

For more information on CVE-2022-4092, the related GitLab issue, and the release of GitLab 15.6.1, please refer to the following resources:

- GitLab Security Advisory: https://about.gitlab.com/releases/2022/01/07/critical-security-release-gitlab-15-6-1-security-release/
- CVE-2022-4092 Mitre Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4092
- NIST National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-4092

Conclusion

The CVE-2022-4092 vulnerability in GitLab EE is a critical issue affecting versions 15.6 and earlier. The improper neutralization of user-supplied input in README pages allows for remote code execution possibilities. GitLab has addressed this issue with the release of version 15.6.1, and users are urged to update their instances as soon as possible to mitigate this threat.

Timeline

Published on: 01/26/2023 21:18:00 UTC
Last modified on: 02/01/2023 17:30:00 UTC