{"id":163649,"date":"2024-05-24T20:39:22","date_gmt":"2024-05-24T20:39:22","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=163649"},"modified":"2024-05-24T20:39:24","modified_gmt":"2024-05-24T20:39:24","slug":"gitlab-xss-flaw","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/163649\/hacking\/gitlab-xss-flaw.html","title":{"rendered":"An XSS flaw in GitLab allows attackers to take over accounts"},"content":{"rendered":"

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts.

GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835, that allows attackers to take over user accounts.

An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information.

The vulnerability impacts versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1.

The flaw was addressed with the release of versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).

“A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1,” reads the advisory published by the company. “By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.”

The researcher matanber reported this vulnerability through GitLab's HackerOne bug bounty program and received a $10,270 bounty.

Below is the list of vulnerabilities addressed by the company:

Title                                                                                                        Severity
1-click account takeover via XSS leveraging the VS Code editor (Web IDE)                                     High
A DoS vulnerability in the 'description' field of the runner                                                 Medium
CSRF via K8s cluster-integration                                                                             Medium
Using Set Pipeline Status of a Commit API incorrectly creates a new pipeline when SHA and pipeline_id do not match   Medium
ReDoS on wiki render API/Page                                                                                Medium
Resource exhaustion and denial of service with test_report API calls                                         Medium
Guest user can view dependency lists of private projects through job artifacts                               Medium

In early May, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction.

Pierluigi Paganini



","protected":false},"excerpt":{"rendered":"

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835, that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information. The vulnerability impacts versions 15.11 before […]","protected":false},"author":1,"featured_media":93416,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,5,55],"tags":[10203,4112,9508,9506,10918,687,841,1533,963],"class_list":["post-163649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-hacking","category-security","tag-gitlab","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news","tag-xss"],"yoast_head":"