A recently disclosed vulnerability (CVE-2023-2442) in GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) affects all versions from 15.11 before 15.11.7 and all versions from 16.0 before 16.0.2. It is a stored Cross-Site Scripting (XSS) issue that could allow an attacker to execute arbitrary actions on behalf of a victim. This post discusses the vulnerability, shows where the injection point lies, and summarises the available references and exploit details.

Issue Description

The vulnerability allows a specially crafted merge request to produce a stored XSS on the client side. Because the payload runs in the victim's browser with the victim's session, an attacker can perform actions as that user, potentially exposing sensitive information, making unintended changes to the project, or, depending on the victim's privileges, compromising the entire GitLab server.

In simple terms, an attacker can create a merge request whose title or description contains malicious markup; when a victim views it, the victim's browser executes the attacker's code. The attacker thereby acts with the victim's GitLab account and permissions and can carry out unauthorized actions within GitLab.

[TITLE or DESCRIPTION]

<script>
  // Malicious code goes here
</script>

Affected GitLab Versions

- GitLab CE/EE 15.11 before 15.11.7
- GitLab CE/EE 16.0 before 16.0.2

Exploit Details

The harmful code in the merge request could be hidden within an innocuous-looking comment or string, so a reviewer has no obvious reason to be suspicious. By exploiting the vulnerability, an attacker could act with the victim's privileges on the GitLab server, potentially obtaining sensitive information or making unintended changes to the project. This vulnerability could also be chained with other GitLab vulnerabilities for more severe outcomes.

GitLab has fixed this vulnerability in the following versions:

- GitLab CE/EE 15.11.7
- GitLab CE/EE 16.0.2

It is highly recommended to upgrade to the latest available version of GitLab CE/EE to ensure that your instance is protected from this vulnerability. Additionally, follow best practices for web application security, such as always validating and encoding user input, and apply the principle of least privilege when granting permissions to users.
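As an added example (not part of the original advisory), the following Python helper maps a GitLab version string, such as the one shown on the instance's help page or returned by the version API, onto the two affected ranges listed above and names the first fixed release in that branch. The sample version strings at the bottom are constructed for illustration.

```python
"""Check whether a GitLab CE/EE version is in a range affected by CVE-2023-2442."""
import re

# Affected ranges from the advisory as (first affected, first fixed);
# the upper bound is exclusive, i.e. the fixed release itself is safe.
AFFECTED_RANGES = [
    ((15, 11, 0), (15, 11, 7)),  # 15.11 before 15.11.7
    ((16, 0, 0), (16, 0, 2)),    # 16.0 before 16.0.2
]


def parse_version(version):
    """Turn strings like '16.0.1-ee' or '15.11.6' into a (major, minor, patch) tuple.

    Edition suffixes (-ee, -ce) and pre-release tags are ignored; a missing
    patch component is treated as .0 so '16.0' compares as 16.0.0.
    """
    match = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True if the version falls inside any affected range."""
    parsed = parse_version(version)
    return any(low <= parsed < high for low, high in AFFECTED_RANGES)


def recommended_fix(version):
    """Return the first fixed release in the caller's branch, or None if not affected."""
    parsed = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low <= parsed < high:
            return ".".join(str(part) for part in high)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ["15.10.9", "15.11.6-ee", "15.11.7", "16.0.1-ce", "16.0.2", "16.1.0"]:
        status = "AFFECTED -> upgrade to " + recommended_fix(sample) if is_affected(sample) else "not affected"
        print(f"{sample:<12} {status}")
```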

Conclusion

CVE-2023-2442 is a significant stored XSS vulnerability in GitLab CE/EE that could lead to unauthorized actions being performed on behalf of victims. Users are urged to update their GitLab instances as soon as possible to protect against this threat. Staying informed about new vulnerabilities and applying patches promptly remains essential to minimizing risk and maintaining a secure environment.

Timeline

Published on: 06/07/2023 16:15:00 UTC
Last modified on: 06/13/2023 20:51:00 UTC