Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-1FB13175-ED52-11EA-8B93-001B217B3468 (CVE-2020-13297): Gitlab -- multiple vulnerabilities


Severity: 5
CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published: 09/02/2020
Created: 09/05/2020
Added: 09/03/2020
Modified: 10/20/2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-1FB13175-ED52-11EA-8B93-001B217B3468:

Gitlab reports:

  • Vendor Cross-Account Assume-Role Attack
  • Stored XSS on the Vulnerability Page
  • Outdated Job Token Can Be Reused to Access Unauthorized Resources
  • File Disclosure Via Workhorse File Upload Bypass
  • Unauthorized Maintainer Can Edit Group Badge
  • Denial of Service Within Wiki Functionality
  • Sign-in Vulnerable to Brute-force Attacks
  • Invalidated Session Allows Account Access With an Old Password
  • GitLab Omniauth Endpoint Renders User Controlled Messages
  • Blind SSRF Through Repository Mirroring
  • Information Disclosure Through Incorrect Group Permission Verifications
  • No Rate Limit on GitLab Webhook Feature
  • GitLab Session Revocation Feature Does Not Invalidate All Sessions
  • OAuth Authorization Scope for an External Application Can Be Changed Without User Consent
  • Unauthorized Maintainer Can Delete Repository
  • Improper Verification of Deploy-Key Leads to Access Restricted Repository
  • Disabled Repository Still Accessible With a Deploy-Token
  • Duplicated Secret Code Generated by 2 Factor Authentication Mechanism
  • Lack of Validation Within Project Invitation Flow
  • Current Sessions Not Invalidated Upon Enabling 2 Factor Authentication
  • Users Without 2 Factor Authentication Can Be Blocked Accessing GitLab
  • Lack of Upper Bound Check Leading to Possible Denial of Service
  • 2 Factor Authentication for Groups Was Not Enforced Within API Endpoint
  • GitLab Runner Denial of Service via CI Jobs
  • Update jQuery Dependency

Solution(s)

  • freebsd-upgrade-package-gitlab-ce
