The most noteworthy of these vulnerabilities is an arbitrary file read flaw (pending CVE assignment). Reported by bug hunter William Bowling, the flaw allowed arbitrary local file read when moving issues between projects. This vulnerability affected GitLab Enterprise Edition (EE) and Community Edition (CE) version 8.5.
The same researcher also found an SSRF vulnerability in the project import feature (CVE-2020-10956). GitLab hasn't disclosed the versions affected by this flaw.
For his discoveries, Bowling also earned a $20,000 bounty.
Another important finding came from a bug bounty hacker with alias xyd (saltyyolk) of Chaitin Tech. He reported a path traversal vulnerability (CVE-2020-10953) affecting the NPM package registry. This flaw affected GitLab EE 11.7 and later versions.
Likewise, a flaw in repository archive downloads could lead to denial of service (CVE-2020-10954). Details of the versions affected by this flaw are yet to surface online.
Details regarding other security fixes are available in GitLab’s advisory.
Consequently, GitLab has rolled out versions 12.9.1, 12.8.8, and 12.7.8 for Community Edition (CE) and Enterprise Edition (EE), and urges all users to upgrade to one of these patched versions immediately to stay protected. Full disclosure of the bugs will be made public after 30 days.
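Because fixes were backported to three release branches, a naive "is my version newer than 12.9.1?" comparison would wrongly flag 12.8.8 and 12.7.8 as unpatched. The following branch-aware check is an added example (not GitLab's own tooling); it takes the three patched versions from the article, assumes anything on a branch older than 12.7 has no listed fix, and uses a constructed host inventory as sample input.

```python
"""Branch-aware check of GitLab version strings against the patched releases
named in the advisory (12.9.1, 12.8.8, 12.7.8).

Added example, not GitLab's own tooling. Assumption: branches older than 12.7
are treated as unpatched because no fixed release is listed for them.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Patched releases as stated in the advisory, keyed by (major, minor) branch.
PATCHED: Dict[Tuple[int, int], Version] = {
    (12, 9): (12, 9, 1),
    (12, 8): (12, 8, 8),
    (12, 7): (12, 7, 8),
}


def parse_version(text: str) -> Optional[Version]:
    """Parse 'major.minor.patch', ignoring a trailing suffix such as '-ee'.

    Returns None when the string does not start with three dotted integers.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_patched(text: str) -> Optional[bool]:
    """True if the version carries the fix, False if not, None if unparseable.

    Rules: anything at or above the newest patched release (12.9.1) is fixed;
    12.8.x and 12.7.x are fixed only at or above their backported release;
    every older branch is treated as unpatched (assumption, see module docstring).
    """
    v = parse_version(text)
    if v is None:
        return None
    newest = max(PATCHED.values())
    if v >= newest:
        return True
    branch = (v[0], v[1])
    if branch in PATCHED:
        return v >= PATCHED[branch]
    return False


def unpatched_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return hosts whose reported version is unpatched or unparseable.

    Unparseable versions are reported too, since an unknown version cannot
    be assumed safe.
    """
    return sorted(h for h, ver in inventory.items() if is_patched(ver) is not True)


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "git-a.example.test": "12.9.1-ee",
    "git-b.example.test": "12.8.7",
    "git-c.example.test": "12.7.8",
    "git-d.example.test": "12.6.9",
    "git-e.example.test": "unknown",
}

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: version {SAMPLE_INVENTORY[host]!r} needs attention")
```

Feed `unpatched_hosts` the version strings collected from your own instances (for example from the `/api/v4/version` endpoint of each server you administer) to get a list of hosts to upgrade.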