John Layden Jan 13, 2022 16:41 UTC
Updated: January 13, 2022 18:30 UTC
HackerOne bug bounty report classification
GitLab has rolled out an important security release that addresses multiple flaws, including an arbitrary file read issue rated “critical” and two high-impact vulnerabilities.
Updates to the popular version control platform released this week address a vulnerability in Notes involving cross-site scripting (XSS), as well as a high-impact authentication-related vulnerability involving a missing state parameter in the GitHub import project OAuth.
Users of the DevOps platform are strongly advised to upgrade to 14.6.2, 14.5.3 or 14.4.5 of GitLab Community Edition (CE) and Enterprise Edition (EE) to protect their environment.
The release also mitigates seven medium-severity and two low-risk security vulnerabilities.
Coordinated Disclosure
Ethical hackers reported all three high-severity vulnerabilities to GitLab through a bug bounty program run by HackerOne.
The Daily Swig contacted all three security researchers for more information but has yet to hear back.
GitLab released a security notice that summarizes the contents of its security update but does not go into detail.
According to GitLab’s summary, the arbitrary file read vulnerability stems from improper file handling involving the group import feature.
One of the high-severity issues (tracked as CVE-2021-39946) means that the generation of emoji-related HTML can be abused to achieve stored XSS in GitLab’s commenting feature. According to GitLab, “incorrect neutralization of user input” is the culprit for this problem.
Another high-severity vulnerability leaves GitLab instances vulnerable to cross-site request forgery (CSRF) attacks, “allowing malicious users to import their GitHub projects into another GitLab user account.”
The root cause of the problem (CVE-2022-0154) is the missing state parameter on the GitHub import project OAuth.
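The following is an added example, not GitLab’s own code, that models why a missing OAuth state parameter makes an “import from GitHub”-style callback vulnerable to CSRF, and what the fix looks like. It is a self-contained Ruby sketch of the authorization-code flow: the session is a plain Hash, the provider URL (`https://github.example/...`), the client id (`APP`) and the function names are all assumptions. The flawed variant binds whatever authorization code reaches the callback to the logged-in session; the hardened variant issues a random, single-use state when the flow starts and refuses any callback that does not present it.

```ruby
require 'securerandom'
require 'uri'

# Assumed provider endpoint and client id for illustration only (not GitHub's real values).
AUTHORIZE_ENDPOINT = "https://github.example/login/oauth/authorize"
CLIENT_ID = "APP"

# --- Flawed variant: no state parameter ---------------------------------------
# The session that initiated the flow is never recorded, so the callback cannot
# tell whether the current user actually started this authorization.
def begin_import_without_state(_session)
  "#{AUTHORIZE_ENDPOINT}?" + URI.encode_www_form(client_id: CLIENT_ID, scope: "repo")
end

def complete_import_without_state(session, params)
  return [:error, "missing code"] unless params["code"]
  # Any code that arrives is linked to whoever is logged in right now.
  session[:linked_github_code] = params["code"]
  [:ok, params["code"]]
end

# --- Hardened variant: random, session-bound, single-use state ----------------
def begin_import_with_state(session)
  state = SecureRandom.urlsafe_base64(32)  # 256 bits of entropy, unguessable
  session[:oauth_state] = state             # bound to this user's session only
  "#{AUTHORIZE_ENDPOINT}?" + URI.encode_www_form(client_id: CLIENT_ID, scope: "repo", state: state)
end

# Constant-time string comparison so the check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def complete_import_with_state(session, params)
  expected = session.delete(:oauth_state)   # consume it: a state is valid exactly once
  presented = params["state"]
  return [:error, "no pending authorization"] if expected.nil?
  return [:error, "state mismatch"] if presented.nil? || !secure_compare(expected, presented)
  return [:error, "missing code"] unless params["code"]
  # Only now do we know this session itself started the flow we are completing.
  session[:linked_github_code] = params["code"]
  [:ok, params["code"]]
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  puts begin_import_with_state(session)
  p complete_import_with_state(session, "code" => "c1")                             # rejected: no state
  session2 = {}
  begin_import_with_state(session2)
  p complete_import_with_state(session2, "code" => "c2", "state" => session2[:oauth_state])  # accepted
end
```

The detection-side takeaway is the same as the design one: a callback that succeeds without a `state` (or with a `state` that was never issued to that session) is a request the current user did not initiate, and the hardened handler turns that into a logged error rather than a completed import.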
In response to The Daily Swig, GitLab commented on how it works with ethical hackers to identify security issues:
The GitLab bug bounty program and talented bug bounty reporters from around the world help us strengthen our products by identifying security vulnerabilities. In February 2021, GitLab moved to HackerOne’s hosted bug bounty program. This allows us to scale our report triage process, filter out noise, attract the best bounty hunters from around the world, and ultimately get the most important reports to our security and development teams faster.
This week’s security update from GitLab is the latest of its regular monthly security releases, which usually arrive around a week after a release that introduces new features.
This story has been updated to add comments from GitLab

