
GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)
2023-09-22 10:29

GitLab has fixed a critical vulnerability in the Enterprise Edition and Community Edition of its widely used DevOps platform.

"Scan execution policy allows configuring built-in scanners for GitLab projects, such as static analysis and vulnerability scanning. These scanners are running in dedicated pipelines with a predefined set of permissions," Alex Ilgayev, head of security research at Cycode, told Help Net Security.

"According to the GitLab issue tracker and source code, any user can easily exploit that vulnerability by changing the policy file author using the 'git config' command. The scan is done through the identity of the policy file's last committer, effectively gaining the permissions of arbitrary users," Ilgayev added.

"GitLab updated the mechanism to execute these security scans using a dedicated bot user with limited permissions. While GitLab didn't release official information regarding the bypass, by inspecting the GitLab source code, the bypass seems to involve removing the bot user from the group and allowing the execution of the previous vulnerability flow again."
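The flaw Ilgayev describes comes down to trusting commit metadata: the author and committer fields are set client-side with `git config` and are never authenticated. The following audit script is an added example, not code from the article or from GitLab; it parses a constructed `git log` history of a policy file, joins it with a constructed server-side push log, and flags commits whose committer claims an identity different from the account that actually pushed them. The policy file path, the push-log format and the e-mail addresses are assumptions.

```python
"""Audit commits to a scan-execution policy file for spoofed committer identities.

Commit author/committer fields are client-controlled (`git config user.email`), so a
pipeline that derives its permissions from the last committer can be made to run as
anyone. The authenticated identity has to come from the server side; here it is
modelled by a constructed push-audit log. Path and log formats are assumptions.
"""

# Constructed output of (path assumed, not GitLab's documented location):
#   git log --format='%H|%ae|%ce' -- .gitlab/security-policies/policy.yml
GIT_LOG = """\
0a9b8c7d|maintainer@example.com|maintainer@example.com
d4e5f6a7|dev@example.com|dev@example.com
a1b2c3d4|maintainer@example.com|maintainer@example.com
"""

# Constructed server-side push audit log: sha -> authenticated account that pushed it.
PUSH_LOG = {
    "0a9b8c7d": "dev@example.com",          # pushed by dev, metadata claims maintainer
    "d4e5f6a7": "dev@example.com",
    "a1b2c3d4": "maintainer@example.com",
}


def parse_git_log(text):
    """Parse '%H|%ae|%ce' lines into (sha, author_email, committer_email), newest first."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, author, committer = line.split("|")
        commits.append((sha, author.lower(), committer.lower()))
    return commits


def find_spoofed_commits(commits, push_log):
    """Return SHAs whose committer metadata differs from the authenticated pusher.

    A mismatch here is the precondition for the impersonation described above.
    """
    return [sha for sha, _author, committer in commits
            if committer != push_log.get(sha, "").lower()]


def scan_identity(commits, push_log, trust_metadata):
    """Identity a policy scan would run as for the newest commit.

    trust_metadata=True models the vulnerable behaviour (permissions of the last
    committer as recorded in metadata); False models using the authenticated pusher.
    """
    sha, _author, committer = commits[0]
    return committer if trust_metadata else push_log[sha]
```

Running `find_spoofed_commits(parse_git_log(GIT_LOG), PUSH_LOG)` on the sample history flags only the newest commit, which is also the one that would have set the scan's identity under the vulnerable behaviour.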

GitLab has released fixed versions for GitLab Community Edition and Enterprise Edition.

"We strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version," said Nick Malcolm, senior application security engineer at GitLab.

News URL

https://www.helpnetsecurity.com/2023/09/22/cve-2023-5009/
