cnvd - cnvd-2021-91177

cnvd-2021-91177

Vulnerability from cnvd

Title: GitLab输入验证错误漏洞（CNVD-2021-91177）

Description:

GitLab是美国GitLab公司的一款使用Ruby on Rails开发的、自托管的、Git（版本控制系统）项目仓库应用程序。该程序可用于查阅项目的文件内容、提交历史、Bug列表等。

GitLab CE/EE存在输入验证错误漏洞，攻击者可利用该漏洞将管道计划设置为在项目导出中处于活动状态，以便在未知情的情况下owner导入该项目，默认情况下该项目的管道处于活动状态。

Severity: 低

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.auscert.org.au/bulletins/

Reference: https://www.auscert.org.au/bulletins/ESB-2021.3608

Impacted products

Name
GitLab GitLab CE/EE >=8.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-39895"
    }
  },
  "description": "GitLab\u662f\u7f8e\u56fdGitLab\u516c\u53f8\u7684\u4e00\u6b3e\u4f7f\u7528Ruby on Rails\u5f00\u53d1\u7684\u3001\u81ea\u6258\u7ba1\u7684\u3001Git\uff08\u7248\u672c\u63a7\u5236\u7cfb\u7edf\uff09\u9879\u76ee\u4ed3\u5e93\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u53ef\u7528\u4e8e\u67e5\u9605\u9879\u76ee\u7684\u6587\u4ef6\u5185\u5bb9\u3001\u63d0\u4ea4\u5386\u53f2\u3001Bug\u5217\u8868\u7b49\u3002\n\nGitLab CE/EE\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7ba1\u9053\u8ba1\u5212\u8bbe\u7f6e\u4e3a\u5728\u9879\u76ee\u5bfc\u51fa\u4e2d\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\uff0c\u4ee5\u4fbf\u5728\u672a\u77e5\u60c5\u7684\u60c5\u51b5\u4e0bowner\u5bfc\u5165\u8be5\u9879\u76ee\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u8be5\u9879\u76ee\u7684\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.auscert.org.au/bulletins/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-91177",
  "openTime": "2021-11-25",
  "products": {
    "product": "GitLab GitLab CE/EE \u003e=8.0"
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2021.3608",
  "serverity": "\u4f4e",
  "submitTime": "2021-11-01",
  "title": "GitLab\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-91177\uff09"
}

CVE-2021-39895 (GCVE-0-2021-39895)

Vulnerability from cvelistv5

Published

2021-11-04 23:11

Modified

2024-08-04 02:20

Severity ?

6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

CWE

Configuration in GitLab

Summary

In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.

References

▼	URL	Tags
	https://gitlab.com/gitlab-org/gitlab/-/issues/337824	x_refsource_MISC
	https://hackerone.com/reports/1272535	x_refsource_MISC
	https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39895.json	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	GitLab	GitLab	Version: >=8.0, <14.1.7 Version: >=14.2, <14.2.5 Version: >=14.3, <14.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:20:33.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/337824"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1272535"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39895.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=8.0, \u003c14.1.7"
            },
            {
              "status": "affected",
              "version": "\u003e=14.2, \u003c14.2.5"
            },
            {
              "status": "affected",
              "version": "\u003e=14.3, \u003c14.3.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks @justas_b for reporting this vulnerability through our HackerOne bug bounty program."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Configuration in GitLab",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-04T23:11:51",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/337824"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1272535"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39895.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2021-39895",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=8.0, \u003c14.1.7"
                          },
                          {
                            "version_value": "\u003e=14.2, \u003c14.2.5"
                          },
                          {
                            "version_value": "\u003e=14.3, \u003c14.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks @justas_b for reporting this vulnerability through our HackerOne bug bounty program."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Configuration in GitLab"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/337824",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/337824"
            },
            {
              "name": "https://hackerone.com/reports/1272535",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1272535"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39895.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39895.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2021-39895",
    "datePublished": "2021-11-04T23:11:51",
    "dateReserved": "2021-08-23T00:00:00",
    "dateUpdated": "2024-08-04T02:20:33.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted