GitLab Releases Critical Security Advisory

Security updates for five vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including one critical severity vulnerability

Threat ID:: CC-4435
Threat Severity:: Medium
Published:: 15 January 2024 3:44 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates for five vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including one critical severity vulnerability

Affected platforms

The following platforms are known to be affected:

GitLab

All versions prior to:

16.7.2
16.6.4
16.5.6

Threat details

Introduction

GitLab have released a critical security update to address five vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including one critical severity vulnerability.

CVE-2023-7028 has a CVSSv3 score of 10 and could allow user account password reset emails to be delivered to an unverified email address. CVE-2023-5356 has a CVSSv3 score of 7.3 and could allow an attacker to abuse Slack/Mattermost integrations to execute slash commands as another user. An attacker could exploit these vulnerabilities to take control of an affected system

Exploitation of CVE-2023-7028

The US Cybersecurity and Infrastructure Security Agency (CISA) have added CVE-2023-7028 to the list of Known Exploited Vulnerability Catalog, which indicates that it is being exploited in the wild. Proof-of-concept code was made available in January 2024.

Threat updates

Date	Update
2 May 2024	CVE-2023-7028 exploitation in the wild The Cyber Alert has been updated to reflect this change
19 Jan 2024	Proof-of-Concept code published for CVE-2023-7028 The Cyber Alert has been updated to reflect this change
16 Jan 2024	CVE-2023-5356 downgraded to CVSSv3 score 7.3 The Cyber Alert has been updated to reflect this change

Remediation advice

Affected organisations are encouraged to review the GitLab Critical Security Release and apply any relevant updates.

Definitive source of threat updates

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

CVE Vulnerabilities

Status Published

CVE-2023-7028

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Status Published

CVE-2023-5356

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.

Status Published

CVE-2023-4812

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.

Status Published

CVE-2023-6955

An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Status Published

CVE-2023-2030

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

Last edited: 2 May 2024 2:36 pm